CVE 9.8 CRITICAL

CVE-2025-63958_CVE-2025-63958

November 24, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.

AI Analysis

Unauthenticated access to sensitive configuration endpoint, potentially leading to full system compromise.

Basic Information

ID CVE-2025-63958

Source mitre

Published Nov 24, 2025 at 00:00

Modified Nov 24, 2025 at 19:05

Affected Product

Vendor MILLENSYS

Product MILLENSYS Vision Tools Workspace

Version 6.5.0.2585

Affected Versions n/a n/a n/a

CWE Classification

CWE-306 CWE-200 CWE-284

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor MILLENSYS

Product MILLENSYS Vision Tools Workspace

Version 6.5.0.2585

References

{
    "lastseen": "",
    "description": "MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.",
    "published": "2025-11-24T00:00:00.000Z",
    "modified": "2025-11-24T19:05:22.180Z",
    "type": "cve",
    "title": "CVE-2025-63958",
    "source": "mitre",
    "references": "https://www.millensys.com/\nhttps://ozex.gitlab.io/tricks_hacks/2025-11-19-cve-2025-63958/index.html",
    "id": "CVE-2025-63958",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MILLENSYS Vision Tools Workspace",
    "version": "6.5.0.2585",
    "vendor": "MILLENSYS",
    "ai_description": "Unauthenticated access to sensitive configuration endpoint, potentially leading to full system compromise.",
    "ai_severity": "Critical",
    "ai_vendor": "MILLENSYS",
    "ai_product": "MILLENSYS Vision Tools Workspace",
    "ai_version": "6.5.0.2585",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply