CVE-2025-43928 MEDIUM

CVE-2025-43928

Vendor Infodraw
Product Media Relay Service
Weakness CWE-24
Published April 20, 2025
Last update April 21, 2025

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.

Key dates

02Disclosure timeline

April 20, 2025 CVE published
April 21, 2025 Record updated