CVE-2025-63958
Published: 24 November 2025
Summary
CVE-2025-63958 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Millensys Vision Tools Workspace. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 41.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-14 requires the organization to enumerate exactly which actions may be performed without identification or authentication; an administrative configuration page such as /MILLENSYS/settings does not belong on that list, so applying the control directly addresses the unauthenticated exposure of sensitive configuration data.
AC-3 enforces approved access authorizations on system resources, mitigating the missing access controls on the privileged administrative endpoint that leaks database credentials and other sensitive information.
AC-6 applies least privilege to limit access to sensitive configuration endpoints and data only to authorized users necessary for tasks, reducing the impact of improper access controls.
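Until a vendor fix is applied, AC-3 and AC-14 can be enforced at a reverse proxy in front of the workspace. The following nginx fragment is an added example, not vendor configuration: it assumes the workspace listens on 127.0.0.1:8080 behind the proxy, that administrators connect from 10.20.0.0/24, and that an htpasswd file exists at /etc/nginx/millensys.htpasswd; those values are placeholders.

```nginx
# Added example (not MILLENSYS configuration). Assumptions: upstream on
# 127.0.0.1:8080, admin network 10.20.0.0/24, credentials file path below.
server {
    listen 443 ssl;
    server_name workspace.example.internal;
    ssl_certificate     /etc/nginx/certs/workspace.crt;
    ssl_certificate_key /etc/nginx/certs/workspace.key;

    # Case-insensitive regex match so /millensys/Settings cannot slip past a
    # case-sensitive prefix rule if the upstream is case-insensitive (assumed).
    location ~* ^/MILLENSYS/settings {
        satisfy all;                         # source allowlist AND credentials
        allow 10.20.0.0/24;
        deny  all;
        auth_basic           "MILLENSYS administration";
        auth_basic_user_file /etc/nginx/millensys.htpasswd;
        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

This is a compensating control, not a fix: the application still serves the page to anyone who reaches it, so the upstream port must be bound to localhost or firewalled so that only the proxy can connect, and any credentials already exposed through the endpoint should be rotated.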
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated access to the /MILLENSYS/settings endpoint enables exploitation of a public-facing application (T1190) to directly disclose unsecured credentials and configuration details (T1552.001), facilitating credential access, database access, and lateral movement.
NVD Description
MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.
Deeper analysis
MILLENSYS Vision Tools Workspace version 6.5.0.2585 contains a critical vulnerability, tracked as CVE-2025-63958, where the endpoint /MILLENSYS/settings is exposed without authentication requirements. This administrative page discloses sensitive information in plaintext, including database credentials, file share paths, internal license server configurations, and software update parameters. The issue stems from missing access controls on a privileged function, classified under CWE-200 (Exposure of Sensitive Information), CWE-284 (Improper Access Control), and CWE-306 (Missing Authentication for Critical Function), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated attacker with network access can exploit this vulnerability by directly requesting the /MILLENSYS/settings endpoint, retrieving the leaked configuration data without any prerequisites. This exposure enables further attacks, such as unauthorized database access, lateral movement via file shares, tampering with license servers, or manipulating updates, potentially resulting in full system compromise.
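Because exploitation is a single unauthenticated GET, the most practical detection is a retrospective sweep of proxy or web-server access logs for successful reads of the endpoint by unauthenticated or unexpected sources. The script below is an added example, not code from the advisory or the vendor: it assumes the workspace is fronted by a proxy writing Combined Log Format lines, takes the endpoint path from the NVD description, uses a placeholder admin network, and runs over constructed sample log lines (a case-insensitive path match is an assumption about the upstream server).

```python
"""Flag likely CVE-2025-63958 exposure in access logs (added example).

Assumptions: Combined Log Format lines from a reverse proxy in front of the
workspace; the remote-user field is "-" when no proxy authentication took
place; administrators come from ADMIN_NETWORKS (placeholder value).
"""
import ipaddress
import re
from dataclasses import dataclass

SENSITIVE_PATH = "/MILLENSYS/settings"          # from the NVD description
# Hypothetical: networks from which administrators legitimately reach the console.
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]

# Combined Log Format prefix: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    ts: str
    ip: str
    path: str
    status: int
    reason: str


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Return why this request looks like an exposure, or None if it is benign."""
    path = rec["path"].split("?", 1)[0]
    # Case-insensitive compare: assumed upstream treats /millensys/Settings the same.
    if not path.lower().startswith(SENSITIVE_PATH.lower()):
        return None
    if not 200 <= rec["status"] < 300:
        return None  # 401/403/404 means an access control actually held
    reasons = []
    if rec["user"] == "-":
        reasons.append("no authenticated user")
    try:
        src = ipaddress.ip_address(rec["ip"])
        if not any(src in net for net in ADMIN_NETWORKS):
            reasons.append("source outside admin allowlist")
    except ValueError:
        reasons.append("unparseable source address")
    return "; ".join(reasons) or None


def scan(lines):
    """Run classify() over every parseable line and collect the findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            findings.append(Finding(rec["ts"], rec["ip"], rec["path"], rec["status"], reason))
    return findings


# Constructed sample log lines (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Nov/2025:10:15:03 +0000] "GET /MILLENSYS/settings HTTP/1.1" 200 4821 "-" "curl/8.4.0"',
    '10.20.0.15 - admin [24/Nov/2025:10:16:10 +0000] "GET /MILLENSYS/settings HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Nov/2025:10:17:41 +0000] "GET /MILLENSYS/settings HTTP/1.1" 401 0 "-" "python-requests/2.32"',
    '203.0.113.7 - - [24/Nov/2025:10:18:02 +0000] "GET /MILLENSYS/viewer HTTP/1.1" 200 1932 "-" "curl/8.4.0"',
    '10.20.0.15 - - [24/Nov/2025:10:19:55 +0000] "GET /millensys/Settings?x=1 HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.path} {f.status}: {f.reason}")
```

The rule deliberately ignores non-2xx responses so that a post-remediation log shows only the blocked attempts, and it reports internal-but-unauthenticated reads separately from external ones, since the former may be legitimate admins through a proxy that does not record the user field.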
Advisories detailing the vulnerability are available at https://ozex.gitlab.io/tricks_hacks/2025-11-19-cve-2025-63958/index.html, while the vendor site at https://www.millensys.com/ provides additional context on the affected MILLENSYS Vision Tools Workspace software.
Details
- CWE(s)