CVE-2018-25137

HIGH

FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure

Title source: llm

Description

FLIR Brickstream 3D+ 2.1.742.1842 contains a missing-authentication vulnerability in the ExportConfig REST API that allows unauthenticated attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/45599

Scores

CVSS v3 7.5
EPSS 0.0010
EPSS Percentile 27.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-306
Status draft

Timeline

Published Dec 24, 2025
Tracked Since Feb 18, 2026