CVE-2025-7426

MINOVA TTA Information Disclosure and Credential Exposure

CVSS 9.3 CRITICALEPSS 0.3%CWE-200 CWE-312 CWE-532

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 ago 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H

Produtos afetados

MINOVA Information Services GmbH · TTA

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html https://www.minova.de/de/tta.html