Vulnerability Details CVE-2025-43928
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.8%
CVSS Severity
CVSS v3 Score 5.8
References
Products affected by CVE-2025-43928
-
cpe:2.3:h:infodraw:pmrs-102:-
-
cpe:2.3:o:infodraw:pmrs-102_firmware:7.1.0.0