← back
CVE-2025-7426

MINOVA TTA Information Disclosure and Credential Exposure

CVSS 9.3 CRITICALEPSS 0.3%CWE-200CWE-312CWE-532
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.  Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H
Affected products
MINOVA Information Services GmbH · TTA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.htmlhttps://www.minova.de/de/tta.html