CVE-2025-2147
Published: 10 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-2147 is a vulnerability affecting Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System version 1.0. The issue resides in an unknown function reachable through multiple endpoints; request manipulation makes files or directories accessible to external parties. Classified as problematic, it maps to CWE-425 (Unrestricted Upload of File with Dangerous Type) and CWE-552 (Files or Directories Accessible to External Parties), with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
The vulnerability is exploitable remotely by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation grants limited access to confidential information, such as unauthorized file or directory disclosure, without impacting integrity or availability.
VulDB advisories indicate the vendor was contacted early about the disclosure but provided no response. The exploit has been publicly disclosed, including details in a GitHub repository, and may be actively used by attackers. No patches or mitigations are referenced in the available sources.
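The weakness class described above (CWE-552, files or directories reachable by unauthenticated external requests) comes down to how a web handler turns a request path into a filesystem path. The following is an added example, not code from the advisory, from VulDB, or from the vendor's product: it builds a constructed sample directory tree, shows a resolver that joins the request path onto the web root with no confinement, and places a hardened resolver beside it that anchors every request under a dedicated public directory, rejects dotfiles, refuses directories, and allows only an explicit set of file types. All file names, contents and the `ALLOWED_SUFFIXES` list are assumptions chosen for the demonstration.

```python
"""
Added example (not from the advisory or the vendor): a vulnerable path resolver
beside a hardened one, illustrating CWE-552 and its mitigation on a constructed
sample tree. Nothing here is the product's own code.
"""
from pathlib import Path
from typing import Dict, Optional
import shutil
import tempfile


def build_sample_tree() -> Path:
    """Create a constructed sample install: a public directory plus files that
    must never be served (config, secrets, a dotfile inside public)."""
    root = Path(tempfile.mkdtemp(prefix="farm_demo_"))
    (root / "public").mkdir()
    (root / "public" / "index.html").write_text("<h1>Farm dashboard</h1>")
    (root / "public" / "logo.png").write_bytes(b"\x89PNG")
    (root / "public" / ".htpasswd").write_text("admin:constructed-sample-hash")
    (root / "config").mkdir()
    (root / "config" / "db.ini").write_text("password=constructed-sample")
    (root / ".env").write_text("SECRET=constructed-sample")
    return root


def resolve_vulnerable(web_root: Path, request_path: str) -> Optional[Path]:
    """Vulnerable: joins the request path onto the web root and serves whatever
    exists. '..' segments, dotfiles and bare directories all pass through."""
    candidate = web_root / request_path.lstrip("/")
    return candidate if candidate.exists() else None


# Assumed allowlist of static asset types the application legitimately serves.
ALLOWED_SUFFIXES = {".html", ".css", ".js", ".png", ".jpg"}


def resolve_hardened(public_dir: Path, request_path: str) -> Optional[Path]:
    """Hardened: resolve symlinks and '..', require the result to stay inside
    the public directory, reject dotfiles, reject directories, and accept only
    allowlisted file types."""
    public_dir = public_dir.resolve()
    candidate = (public_dir / request_path.lstrip("/")).resolve()
    try:
        relative = candidate.relative_to(public_dir)
    except ValueError:
        return None  # request escaped the public directory
    if any(part.startswith(".") for part in relative.parts):
        return None  # dotfiles such as .htpasswd or .env
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        return None  # configuration files, backups, anything unexpected
    if not candidate.is_file():
        return None  # no directory listings
    return candidate


def demo() -> Dict[str, Dict[str, bool]]:
    """Return, per resolver, which constructed requests would disclose a file
    or directory (True = served)."""
    root = build_sample_tree()
    try:
        public_dir = root / "public"
        requests = ["index.html", "logo.png", ".htpasswd",
                    "../config/db.ini", "../.env", ""]
        return {
            "vulnerable": {r: resolve_vulnerable(public_dir, r) is not None
                           for r in requests},
            "hardened": {r: resolve_hardened(public_dir, r) is not None
                         for r in requests},
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for resolver, outcome in demo().items():
        print(resolver)
        for req, served in outcome.items():
            print(f"  {req or '<root>':20} served={served}")
```

The decisive step in the hardened version is `relative_to` after `resolve()`: checking the request string for `..` is not enough, because encoded segments and symlinks can reintroduce traversal after the check, whereas comparing the fully resolved path against the resolved public directory confines every request regardless of how it was spelled. On a live system the same boundary belongs in the web server or reverse-proxy configuration as well, so that configuration files and application data directories sit outside the served tree entirely.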
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is in a public-facing web application and allows remote unauthenticated access to files/directories via manipulation, directly enabling T1190 (exploiting public-facing apps) and facilitating T1083 (file/directory discovery) and T1005 (data from local system).