CVE-2025-1595

MEDIUM NUCLEI

Anhui Xufan Information Technology EasyCVR <2.7.0 - Info Disclosure

Title source: llm

Description

A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Nuclei Templates (1)

EasyCVR <=2.1.2 - Information Disclosure

MEDIUMVERIFIEDby ritikchaddha

Shodan: http.title:"EasyCVR"

FOFA: title="EasyCVR"

References (4)

[Various Sources] https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.296590

[Permissions Required, VDB Entry] https://vuldb.com/?id.296590

[Permissions Required, VDB Entry] https://vuldb.com/?submit.497485

Scores

CVSS v3 5.3

EPSS 0.0482

EPSS Percentile 89.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200 CWE-284

Status published

Products (8)

Anhui Xufan Information Technology/EasyCVR 2.0

Anhui Xufan Information Technology/EasyCVR 2.1

Anhui Xufan Information Technology/EasyCVR 2.2

Anhui Xufan Information Technology/EasyCVR 2.3

Anhui Xufan Information Technology/EasyCVR 2.4

Anhui Xufan Information Technology/EasyCVR 2.5

Anhui Xufan Information Technology/EasyCVR 2.6

Anhui Xufan Information Technology/EasyCVR 2.7

Published Feb 23, 2025

Tracked Since Feb 18, 2026