CVE-2025-12055

CVE-2025-12055: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System

Vendor Mpdv Mikrolab Gmbh
Product MIP 2
Weakness CWE-22 · Path traversal
Published October 27, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.

Key dates

02Disclosure timeline

October 27, 2025 CVE published
November 3, 2025 Record updated