Cyber Posture

CVE-2024-48125

High

Published: 15 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0028 (51.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests.

Security Summary

CVE-2024-48125 is an information disclosure vulnerability (CWE-200) affecting the AsDB service in HI-SCAN 6040i Hitrax HX-03-19-I. The issue enables attackers to enumerate user credentials by sending crafted GIOP protocol requests to the service. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.

The vulnerability can be exploited by unauthenticated attackers with network access to the affected service, requiring low attack complexity and no user interaction. Successful exploitation allows remote extraction of sensitive user credentials, potentially enabling further unauthorized access or lateral movement within the target's environment.

Mitigation details are available in the referenced advisory at https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf, published alongside the CVE on 2025-01-15.

Details

CWE(s)
CWE-200

References