Cyber Posture

CVE-2025-63958

CriticalPublic PoC

Published: 24 November 2025

Published
24 November 2025
Modified
30 December 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0037 58.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information…

more

by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

AC-14 explicitly identifies and restricts privileged actions like accessing the /MILLENSYS/settings endpoint that can be performed without authentication, directly preventing unauthenticated exposure of sensitive configuration data.

AC-3 Access Enforcement good match
prevent

AC-3 enforces approved access authorizations on system resources, mitigating the missing access controls on the privileged administrative endpoint that leaks database credentials and other sensitive information.

AC-6 Least Privilege partial match
prevent

AC-6 applies least privilege to limit access to sensitive configuration endpoints and data only to authorized users necessary for tasks, reducing the impact of improper access controls.

Security SummaryAI

MILLENSYS Vision Tools Workspace version 6.5.0.2585 contains a critical vulnerability, tracked as CVE-2025-63958, where the endpoint /MILLENSYS/settings is exposed without authentication requirements. This administrative page discloses sensitive information in plaintext, including database credentials, file share paths, internal license server configurations, and software update parameters. The issue stems from missing access controls on a privileged function, classified under CWE-200 (Exposure of Sensitive Information), CWE-284 (Improper Access Control), and CWE-306 (Missing Authentication for Critical Function), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An unauthenticated attacker with network access can exploit this vulnerability by directly requesting the /MILLENSYS/settings endpoint, retrieving the leaked configuration data without any prerequisites. This exposure enables further attacks, such as unauthorized database access, lateral movement via file shares, tampering with license servers, or manipulating updates, potentially resulting in full system compromise.

Advisories detailing the vulnerability are available at https://ozex.gitlab.io/tricks_hacks/2025-11-19-cve-2025-63958/index.html, while the vendor site at https://www.millensys.com/ provides additional context on the affected MILLENSYS Vision Tools Workspace software.

Details

CWE(s)
CWE-200CWE-284CWE-306

Affected Products

millensys
vision tools workspace
5.10.5.2429, 6.5.0.2585, 6.5.0.2596

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
Why these techniques?

Unauthenticated access to the /MILLENSYS/settings endpoint enables exploitation of a public-facing application (T1190) to directly disclose unsecured credentials and configuration details (T1552.001), facilitating credential access, database access, and lateral movement.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References