CVE-2025-22961
Published: 13 February 2025
Summary
CVE-2025-22961 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations to prevent unauthenticated access to sensitive database backup files via exposed web management interface URLs.
Restricts and protects public access points on the web interface to block unauthorized retrieval of sensitive user credentials from exposed paths.
Controls creation, distribution, and monitoring of publicly accessible content to ensure sensitive backup files like snapshot_users.db are not exposed.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A vulnerability in the public-facing web management interface enables direct unauthenticated access (T1190) to local credential database files (T1552.001).
NVD Description
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/).
Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.
Deeper analysis
A critical information disclosure vulnerability, designated CVE-2025-22961, affects the web-based management interface of GatesAir Maxiva UAXT and VAXT transmitters. The issue stems from incorrect access control (CWE-284), enabling unauthenticated attackers to directly access sensitive database backup files, specifically snapshot_users.db, through publicly exposed URLs such as /logs/devcfg/snapshot/ and /logs/devcfg/user/. This flaw, published on 2025-02-13, carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is also associated with CWE-200. The PR:L and UI:R values in that vector do not match the unauthenticated, no-interaction access described in the NVD text.
Unauthenticated remote attackers can exploit this vulnerability by requesting the exposed URLs on a vulnerable transmitter's management interface, which requires network access to the interface but no privileges or user interaction. Successful exploitation allows retrieval of sensitive user data, including login credentials, which could enable attackers to authenticate to the system and potentially achieve full compromise, such as executing arbitrary commands or disrupting broadcast operations.
Details on exploitation and proof-of-concept demonstrations are available in the research repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22961, though no vendor advisories or patches are referenced in the available information.
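One way to review web access logs for requests to the exposed paths described above. This is an added example, not code from the vendor, NVD or the referenced research repository. It assumes a reverse proxy or web server in front of the transmitter that writes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# The two paths and the file name come from the CVE description.
EXPOSED_PREFIXES = ("/logs/devcfg/snapshot/", "/logs/devcfg/user/")
BACKUP_NAME = "snapshot_users.db"

# Assumed log source: Common/Combined Log Format from a proxy in front of the device.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [13/Feb/2025:10:01:02 +0000] "GET /logs/devcfg/snapshot/snapshot_users.db HTTP/1.1" 200 20480',
    '198.51.100.23 - - [13/Feb/2025:10:01:05 +0000] "GET /logs//devcfg/./user/ HTTP/1.1" 200 512',
    '192.0.2.10 - admin [13/Feb/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [13/Feb/2025:10:03:10 +0000] "GET /logs/devcfg/user/snapshot%5Fusers.db?x=1 HTTP/1.1" 403 0',
]

def normalize(target):
    """Drop the query, percent-decode, and collapse '//', '.' and '..' segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def find_exposures(lines):
    """Return one finding per logged request that touched an exposed path."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if not (path.rstrip("/") + "/").startswith(EXPOSED_PREFIXES):
            continue
        served = m["status"].startswith("2")
        if served and posixpath.basename(path) == BACKUP_NAME:
            kind = "credential-db-served"  # treat stored credentials as compromised
        elif served:
            kind = "exposed-path-served"
        else:
            kind = "probe"  # request reached the path but was not served
        findings.append({"ip": m["ip"], "path": path, "status": int(m["status"]),
                         "authenticated": m["user"] != "-", "kind": kind})
    return findings

if __name__ == "__main__":
    print(*find_exposures(SAMPLE_LOG), sep="\n")
```

A `credential-db-served` finding means the backup file was delivered to the client, so every account stored in it should have its password rotated once access to the paths is restricted.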
Details
- CWE(s)