MINOVA TTA Information Disclosure and Credential Exposure_CVE-2025-7426

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H

Description

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs

Basic Information

ID CVE-2025-7426

Source NCSC.ch

Published Aug 25, 2025 at 08:52

Affected Product

Vendor MINOVA Information Services GmbH

Product TTA

Version 11.17.0

Affected Versions MINOVA Information Services GmbH TTA 11.17.0

CWE Classification

CWE-200 CWE-312 CWE-532

References

{
    "lastseen": "",
    "description": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u00a0 Debug ports\u00a01602,\u00a01603 and\u00a01636 also expose service architecture information and\u00a0system activity logs",
    "published": "2025-08-25T08:52:47.797Z",
    "modified": "2025-08-25T08:52:47.797Z",
    "type": "cve",
    "title": "MINOVA TTA Information Disclosure and Credential Exposure",
    "source": "NCSC.ch",
    "references": "https://www.minova.de/de/tta.html\nhttps://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html",
    "id": "CVE-2025-7426",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-312",
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "MINOVA Information Services GmbH TTA 11.17.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TTA",
    "version": "11.17.0",
    "vendor": "MINOVA Information Services GmbH",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}