Vulnerability Description
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/aux
- https://www.exploit-db.com/exploits/39102
- https://www.vulncheck.com/advisories/easy-cafe-server-remote-file-disclosure
FAQ
What is CVE-2025-34119?
CVE-2025-34119 is a documented vulnerability. A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 ca...
How severe is CVE-2025-34119?
CVSS scoring is not yet available for CVE-2025-34119. Check NVD for updates.
Is there a patch for CVE-2025-34119?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.