Cyber Posture

CVE-2025-23012

High

Published: 23 January 2025

Modified: 07 October 2025
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0011 (29.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23012 is a high-severity Use of Default Credentials (CWE-1392) vulnerability in Fedorarepository Fcrepo. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 29.4th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SA-22 (Unsupported System Components).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly remediates the known flaw in Fedora Repository 3.8.x by requiring timely installation of patches or migration to a supported version like 6.5.1.

prevent: Prohibits the use of unsupported and unmaintained system components such as Fedora Repository 3.8.1, mandating replacement to eliminate the vulnerability.

prevent: Requires changing default credentials for the fedoraIntCallUser service account, preventing exploitation via known default authenticators.

MITRE ATT&CK Enterprise Techniques · AI

T1078.001 Default Accounts · Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1005 Data from Local System · Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Default credentials on a privileged service account directly enable use of a default account for remote unauthenticated access; the resulting arbitrary local file disclosure maps to Data from Local System.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).

Deeper analysis · AI

CVE-2025-23012 is a vulnerability in Fedora Repository 3.8.x, including version 3.8.1 released on 2015-06-11, which is no longer maintained. The issue stems from a service account named fedoraIntCallUser that uses default credentials and has privileges allowing the reading of local files through manipulation of datastreams. It is classified under CWE-1392 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Remote attackers need no privileges, authentication, or user interaction to exploit this issue over the network, and attack complexity is low. Successful exploitation has a high impact on confidentiality, such as arbitrary local file disclosure on the affected system.

Advisories recommend migrating to a currently supported version, such as 6.5.1 as of 2025-01-23. Supporting resources include migration utilities at https://github.com/fcrepo-exts/migration-utils, release notes at https://github.com/fcrepo/fcrepo/releases, a CSAF document at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-021-01.json, and XACML policy enforcement details at https://wiki.lyrasis.org/display/FEDORA38/XACML+Policy+Enforcement#XACMLPolicyEnforcement-4.1fedora-usersattributes.

Details

CWE(s): CWE-1392

Affected Products: fedorarepository fcrepo ≤ 6.5.1

CVEs Like This One

CVE-2025-23011 · Same product: Fedorarepository Fcrepo
CVE-2025-8731 · Shared CWE-1392
CVE-2026-26341 · Shared CWE-1392
CVE-2025-1160 · Shared CWE-1392
CVE-2025-2398 · Shared CWE-1392
CVE-2025-54756 · Shared CWE-1392
CVE-2025-10542 · Shared CWE-1392
CVE-2026-27751 · Shared CWE-1392
CVE-2026-1803 · Shared CWE-1392
CVE-2026-1972 · Shared CWE-1392
