CVE-2025-34119

HIGH

EasyCafe Server <2.2.14 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34119. PoCs published by R-73eN, R-73eN, bcoles, including Metasploit module auxiliary/scanner/misc/easycafe_server_fileaccess.

AI-analyzed exploit summary This exploit leverages a lack of request validation in EasyCafe Server to read arbitrary files by sending a crafted payload to port 831. The server does not verify if the request was initiated via UDP, allowing unauthorized file retrieval.

Description

A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.

Exploits (2)

exploitdb WORKING POC VERIFIED

by R-73eN · pythonremotewindows

https://www.exploit-db.com/exploits/39102

View Code ZIP pw:eip

This exploit leverages a lack of request validation in EasyCafe Server to read arbitrary files by sending a crafted payload to port 831. The server does not verify if the request was initiated via UDP, allowing unauthorized file retrieval.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EasyCafe Server <= 2.2.14

No auth needed

Prerequisites: Network access to the target server on port 831

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by R-73eN, bcoles · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb

View Code ZIP pw:eip

This Metasploit module exploits a file retrieval vulnerability in EasyCafe Server by sending a crafted packet (opcode 0x43) to port 831/TCP, allowing arbitrary file reads. It includes functionality to download and store the retrieved file.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EasyCafe Server 2.2.14

No auth needed

Prerequisites: Network access to port 831/TCP · Knowledge of target file path

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/39102

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/easy-cafe-server-remote-file-disclosure

Scores

CVSS v4 8.8

EPSS 0.0189

EPSS Percentile 76.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306 CWE-668

Status published

Products (1)

Tinasoft/EasyCafe Server 2.2.14

Published Jul 16, 2025

Tracked Since Feb 18, 2026