CVE-2025-34156

Q: How severe is CVE-2025-34156?

CVSS scoring is not yet available for CVE-2025-34156. Check NVD for updates.

Q: Is there a patch for CVE-2025-34156?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could aid further compromise.

Related Weaknesses (CWE)

CWE-497

References

https://aggregate.digital/downloads.html
https://aggregate.digital/products/network-manager.html
https://www.vulncheck.com/advisories/tibbo-aggregate-network-manager-system-info

FAQ

What is CVE-2025-34156?

CVE-2025-34156 is a documented vulnerability. Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path detail...

How severe is CVE-2025-34156?

CVSS scoring is not yet available for CVE-2025-34156. Check NVD for updates.

Is there a patch for CVE-2025-34156?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.