Cyber Posture

CVE-2025-67223

High

Published: 28 April 2026

Published
28 April 2026
Modified
28 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0015 35.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67223 is a high-severity Insecure Temporary File (CWE-377) vulnerability in Arandasoft (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AU-9 (Protection of Audit Information).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-22 Publicly Accessible Content good match
prevent

Directly restricts public access to system-generated logs containing sensitive file paths in publicly accessible directories.

AU-9 Protection of Audit Information good match
prevent

Protects audit and activity logs from unauthorized access, preventing exposure of virtual paths to sensitive PII files.

SC-14 Public Access Protections good match
prevent

Implements security safeguards for systems providing public access, such as file servers, to block unauthenticated retrieval of logs and sensitive documents.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Public-facing AFS component allows unauthenticated log access revealing predictable file paths (T1190), directly enabling file/directory discovery (T1083) and unauthorized retrieval of sensitive local documents (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and…

more

bypass access controls to download sensitive documents containing PII.

Deeper analysisAI

CVE-2025-67223 is a vulnerability in the Aranda File Server (AFS) component of Aranda Software's Aranda Service Desk prior to version 8.3.12. It arises because daily activity logs are stored with predictable names in a publicly accessible directory, enabling attackers to obtain direct virtual paths to uploaded files. This flaw, associated with CWE-377 (Insecure Temporary File) and CWE-532 (Information Exposure Through Log Files), has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Unauthenticated remote attackers can exploit this issue over the network with low complexity and no user interaction required. By accessing the publicly exposed logs, they can enumerate virtual paths to uploaded files, bypass access controls, and download sensitive documents containing personally identifiable information (PII), resulting in high confidentiality impact.

Mitigation involves upgrading to Aranda Service Desk 8.3.12 or later. Vendor resources include the product page at https://arandasoft.com/en/productos/aranda-service-management/, release notes on the file server at https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html, and a GitHub repository at https://github.com/brandonperezlara/CVE-2025-67223 providing further details.

Details

CWE(s)
CWE-377CWE-532

Affected Products

Arandasoft
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-24308Shared CWE-532
CVE-2025-24556Shared CWE-532
CVE-2025-0976Shared CWE-532
CVE-2026-20204Shared CWE-377
CVE-2025-23374Shared CWE-532
CVE-2026-25813Shared CWE-532
CVE-2024-48852Shared CWE-532
CVE-2025-66236Shared CWE-532
CVE-2025-24984Shared CWE-532
CVE-2026-22778Shared CWE-532

References