CVE-2025-2652
Published: 23 March 2025
Description
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Security Summary
CVE-2025-2652 is a vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System 1.0, classified as problematic, that exposes information through directory listing. The affected functionality is not identified, but the issue spans multiple sub-directories and lets remote attackers access sensitive directory contents without authentication.
The vulnerability can be exploited remotely by unauthenticated attackers with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Successful exploitation allows attackers to view directory listings, potentially disclosing file names, paths, or other configuration details that could aid further reconnaissance or attacks.
Advisories recommend changing configuration settings to mitigate the issue, such as disabling directory listing on affected web servers. The exploit has been publicly disclosed, with details available on platforms like GitHub and VulDB, increasing the risk of widespread use.
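To confirm the configuration change took effect, the check below classifies responses collected from your own deployment's sub-directories and reports which ones still serve an auto-generated index. It is an added example, not code from the advisory or the vendor; the "Index of /" title signature and all sample paths and file names are assumptions.

```python
import re
from html.parser import HTMLParser

# Assumption: Apache mod_autoindex and nginx autoindex default page titles.
LISTING_TITLE = re.compile(r"\s*Index of /", re.I)

class LinkCollector(HTMLParser):
    """Collects the <title> text and every <a href> value of a response body."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "title":
            self._in_title = True
        elif tag == "a" and href:
            self.hrefs.append(href)
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def disclosed_entries(status, body):
    """Return the entry names a listing discloses, or None if not a listing."""
    page = LinkCollector()
    page.feed(body)
    if status != 200 or not LISTING_TITLE.match(page.title):
        return None
    # Entries are relative names; drop parent links and Apache sort links.
    return [h for h in page.hrefs if not h.startswith(("?", "/", "../"))]

def audit(responses):
    """Map each path that still serves a listing to the names it discloses."""
    checked = {p: disclosed_entries(s, b) for p, (s, b) in responses.items()}
    return {p: names for p, names in checked.items() if names is not None}

# Constructed sample responses; paths and file names are made up.
SAMPLES = {
    "/uploads/": (200, '<title>Index of /uploads</title><a href="?C=N;O=D">Name</a>'
                       '<a href="/">Parent Directory</a>'
                       '<a href="badge_001.png">badge_001.png</a><a href="backup/">backup/</a>'),
    "/assets/": (403, "<title>403 Forbidden</title>"),
    "/admin/": (200, '<title>Login</title><a href="index.php">Home</a>'),
}

if __name__ == "__main__":
    for path, names in audit(SAMPLES).items():
        print(f"{path}: listing still enabled, discloses {names}")
```

A path that returns 403 or the application's own page after the change no longer appears in the result.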
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The directory listing exposure directly enables remote unauthenticated File and Directory Discovery (T1083) by disclosing file names, paths, and configuration details.