CVE-2025-22961
Published: 13 February 2025
Description
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT and VAXT transmitters due to incorrect access control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.
Security Summary
A critical information disclosure vulnerability, designated CVE-2025-22961, affects the web-based management interface of GatesAir Maxiva UAXT and VAXT transmitters. The issue stems from incorrect access control (CWE-284), enabling unauthenticated attackers to directly access sensitive database backup files, specifically snapshot_users.db, through publicly exposed URLs such as /logs/devcfg/snapshot/ and /logs/devcfg/user/. This flaw, published on 2025-02-13, carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is also associated with CWE-200.
Unauthenticated remote attackers can exploit this vulnerability by simply navigating to the exposed URLs on a vulnerable transmitter's management interface, requiring no privileges or user interaction beyond network access. Successful exploitation allows retrieval of sensitive user data, including login credentials, which could enable attackers to authenticate to the system and potentially achieve full compromise, such as executing arbitrary commands or disrupting broadcast operations.
Details on exploitation and proof-of-concept demonstrations are available in the research repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22961, though no vendor advisories or patches are referenced in the available information.
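For defenders reviewing web access logs in front of an affected transmitter, the following added example (not code from the vendor or the research repository) flags requests under the two exposed directories that the server answered with content. It assumes Apache/nginx "combined" log lines; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Directories named in the CVE description; everything else below is assumed.
EXPOSED_PREFIXES = ("/logs/devcfg/snapshot/", "/logs/devcfg/user/")

# Assumption: access logs are in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Reduce a request target to a canonical lowercase path for matching."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    path = re.sub(r"/+", "/", "/" + path.replace("\\", "/"))
    # normpath resolves "." and ".." segments; lowercasing over-matches on
    # case-sensitive servers, which is acceptable for a detection rule.
    return posixpath.normpath(path).lower()

def find_exposed_fetches(lines):
    """Return one finding per request the server answered with content."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if not (path + "/").startswith(EXPOSED_PREFIXES):
            continue
        if m["status"] not in ("200", "206"):  # denied or missing: not a leak
            continue
        findings.append({"src": m["src"], "time": m["ts"], "path": path,
                         "db_file": path.endswith(".db"), "size": m["size"]})
    return findings

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Feb/2025:10:01:02 +0000] "GET /logs/devcfg/snapshot/snapshot_users.db HTTP/1.1" 200 28672 "-" "curl/8.5.0"',
    '198.51.100.7 - - [13/Feb/2025:10:01:05 +0000] "GET /logs/%64evcfg/user/ HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.9 - - [13/Feb/2025:10:02:00 +0000] "GET /logs//devcfg/./user/../snapshot/snapshot_users.db HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.10 - - [13/Feb/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_exposed_fetches(SAMPLE_LOG):
        print(finding)
```

A finding with `db_file` set means the user database backup was served, so the credentials it holds should be treated as disclosed and rotated.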
Details
- CWE(s)