cbcvebase.
CVE-2009-10005
published 2025-08-20

CVE-2009-10005: ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing…

PriorityP264high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.72%
49.3th percentile
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

Affected

1 ranges
VendorProductVersion rangeFixed in
contentkeeper_technologiesweb_appliance< 125.10125.10

Detection & IOCsextracted from sources · hover to see the quote

url/cgi-bin/ck/mimencode
path/etc/passwd
  • Monitor for unauthenticated POST requests to /cgi-bin/ck/mimencode, particularly those containing path traversal sequences or parameters specifying output file paths, which indicate exploitation of the mimencode file disclosure vulnerability.
  • Alert on any HTTP request targeting the mimencode CGI endpoint on ContentKeeper Web Appliances (versions prior to 125.10) from unauthenticated sources, as the binary is exposed without authentication controls.
  • The Metasploit auxiliary module `auxiliary/admin/http/contentkeeper_fileaccess` can be used to test for this vulnerability; presence of this module in attacker tooling or logs referencing it may indicate active exploitation attempts.
  • ·Exploitation requires no authentication; there is no credential-based barrier to reaching the vulnerable CGI endpoint, meaning network-level access controls are the primary mitigation layer.
  • ·The vulnerability affects ContentKeeper Web Appliance versions strictly prior to 125.10; detections and mitigations should be scoped to appliances running older firmware.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.