Search

Find a vulnerability

Search criteria

    2 vulnerabilities by MINOVA Information Services GmbH

    CVE-2025-7426 (GCVE-0-2025-7426)

    Vulnerability from nvd – Published: 2025-08-25 08:52 – Updated: 2025-08-25 13:47
    VLAI
    Title
    MINOVA TTA Information Disclosure and Credential Exposure
    Summary
    Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.  Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-312 - Cleartext Storage of Sensitive Information
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://www.minova.de/de/tta.html product
    https://www.cryptron.ch/en/blog-detail/security-a… technical-descriptionthird-party-advisory
    Impacted products
    Credits
    Stefan Mettler, Senior Penetration Tester from CRYPTRON Security GmbH Jasmin Frei, Senior Project Manager from CRYPTRON Security GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7426",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-25T13:47:32.941835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-25T13:47:36.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ch.minova.nservice"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "TTA",
              "vendor": "MINOVA Information Services GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.17.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stefan Mettler, Senior Penetration Tester from CRYPTRON Security GmbH"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Jasmin Frei, Senior Project Manager from CRYPTRON Security GmbH"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u0026nbsp; Debug ports\u0026nbsp;1602,\u0026nbsp;1603 and\u0026nbsp;1636 also expose service architecture information and\u0026nbsp;system activity logs"
                }
              ],
              "value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u00a0 Debug ports\u00a01602,\u00a01603 and\u00a01636 also expose service architecture information and\u00a0system activity logs"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            },
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            },
            {
              "capecId": "CAPEC-155",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T08:52:47.797Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.minova.de/de/tta.html"
            },
            {
              "tags": [
                "technical-description",
                "third-party-advisory"
              ],
              "url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSecurity patch for all MINOVA TTA releases in progress.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Security patch for all MINOVA TTA releases in progress."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-08T22:00:00.000Z",
              "value": "First contact with the vendor - no response"
            },
            {
              "lang": "en",
              "time": "2025-05-25T22:00:00.000Z",
              "value": "Second mail to the vendor - no response"
            },
            {
              "lang": "en",
              "time": "2025-06-19T22:00:00.000Z",
              "value": "Third mail to the vendor and response received on the same day"
            },
            {
              "lang": "en",
              "time": "2025-06-22T22:00:00.000Z",
              "value": "Exchange of the security report to the vendor"
            },
            {
              "lang": "en",
              "time": "2025-07-07T22:00:00.000Z",
              "value": "Confirmation of the vulnerability by the vendor"
            },
            {
              "lang": "en",
              "time": "2025-08-25T09:59:00.000Z",
              "value": "Planned public disclosure (CVE publication)"
            }
          ],
          "title": "MINOVA TTA Information Disclosure and Credential Exposure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDisable the output of debug information with sensitive content for the Minova TTA services on port/tcp 1602, 1603,\u0026nbsp;1604, 1636.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Disable the output of debug information with sensitive content for the Minova TTA services on port/tcp 1602, 1603,\u00a01604, 1636."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-7426",
        "datePublished": "2025-08-25T08:52:47.797Z",
        "dateReserved": "2025-07-10T09:22:44.017Z",
        "dateUpdated": "2025-08-25T13:47:36.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7426 (GCVE-0-2025-7426)

    Vulnerability from cvelistv5 – Published: 2025-08-25 08:52 – Updated: 2025-08-25 13:47
    VLAI
    Title
    MINOVA TTA Information Disclosure and Credential Exposure
    Summary
    Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.  Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-312 - Cleartext Storage of Sensitive Information
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://www.minova.de/de/tta.html product
    https://www.cryptron.ch/en/blog-detail/security-a… technical-descriptionthird-party-advisory
    Impacted products
    Credits
    Stefan Mettler, Senior Penetration Tester from CRYPTRON Security GmbH Jasmin Frei, Senior Project Manager from CRYPTRON Security GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7426",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-25T13:47:32.941835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-25T13:47:36.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ch.minova.nservice"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "TTA",
              "vendor": "MINOVA Information Services GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.17.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stefan Mettler, Senior Penetration Tester from CRYPTRON Security GmbH"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Jasmin Frei, Senior Project Manager from CRYPTRON Security GmbH"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u0026nbsp; Debug ports\u0026nbsp;1602,\u0026nbsp;1603 and\u0026nbsp;1636 also expose service architecture information and\u0026nbsp;system activity logs"
                }
              ],
              "value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u00a0 Debug ports\u00a01602,\u00a01603 and\u00a01636 also expose service architecture information and\u00a0system activity logs"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            },
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            },
            {
              "capecId": "CAPEC-155",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T08:52:47.797Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.minova.de/de/tta.html"
            },
            {
              "tags": [
                "technical-description",
                "third-party-advisory"
              ],
              "url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSecurity patch for all MINOVA TTA releases in progress.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Security patch for all MINOVA TTA releases in progress."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-08T22:00:00.000Z",
              "value": "First contact with the vendor - no response"
            },
            {
              "lang": "en",
              "time": "2025-05-25T22:00:00.000Z",
              "value": "Second mail to the vendor - no response"
            },
            {
              "lang": "en",
              "time": "2025-06-19T22:00:00.000Z",
              "value": "Third mail to the vendor and response received on the same day"
            },
            {
              "lang": "en",
              "time": "2025-06-22T22:00:00.000Z",
              "value": "Exchange of the security report to the vendor"
            },
            {
              "lang": "en",
              "time": "2025-07-07T22:00:00.000Z",
              "value": "Confirmation of the vulnerability by the vendor"
            },
            {
              "lang": "en",
              "time": "2025-08-25T09:59:00.000Z",
              "value": "Planned public disclosure (CVE publication)"
            }
          ],
          "title": "MINOVA TTA Information Disclosure and Credential Exposure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDisable the output of debug information with sensitive content for the Minova TTA services on port/tcp 1602, 1603,\u0026nbsp;1604, 1636.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Disable the output of debug information with sensitive content for the Minova TTA services on port/tcp 1602, 1603,\u00a01604, 1636."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-7426",
        "datePublished": "2025-08-25T08:52:47.797Z",
        "dateReserved": "2025-07-10T09:22:44.017Z",
        "dateUpdated": "2025-08-25T13:47:36.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }