EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.

Basic Information

ID CVE-2025-34119

Source VulnCheck

Published Jul 16, 2025 at 21:04

Modified Jul 17, 2025 at 19:59

Affected Product

Vendor Tinasoft

Product EasyCafe Server

Version 2.2.14

Affected Versions Tinasoft EasyCafe Server 2.2.14

CWE Classification

CWE-668 CWE-306

References

{
    "lastseen": "",
    "description": "A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.",
    "published": "2025-07-16T21:04:35.633Z",
    "modified": "2025-07-17T19:59:53.850Z",
    "type": "cve",
    "title": "EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43",
    "source": "VulnCheck",
    "references": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb\nhttps://www.exploit-db.com/exploits/39102\nhttps://www.vulncheck.com/advisories/easy-cafe-server-remote-file-disclosure",
    "id": "CVE-2025-34119",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668",
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Tinasoft EasyCafe Server 2.2.14",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EasyCafe Server",
    "version": "2.2.14",
    "vendor": "Tinasoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43_CVE-2025-34119