cbcvebase.
CVE-2025-12055
published 2025-10-27

CVE-2025-12055: HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36…

PriorityP178high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.65%
88.2th percentile
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.

Affected

3 ranges
VendorProductVersion rangeFixed in
mpdv_mikrolab_gmbhfedra_2
mpdv_mikrolab_gmbhhydra_x
mpdv_mikrolab_gmbhmip_2

Detection & IOCsextracted from sources · hover to see the quote

url/hx/resources/public/$SCHEMAS$?Filename=c%3a%5cwindows%5cwin.ini
path/hx/resources/public/$SCHEMAS$
sigma
shodan-query: http.html:"MPDV"
yara
contains_all(body, "bit app support", "fonts", "extensions") AND contains(content_type, "application/octet-stream") AND status_code == 200
  • Exploit targets the GET endpoint /hx/resources/public/$SCHEMAS$ with a 'Filename' parameter containing a URL-encoded Windows path (e.g., c%3a%5cwindows%5cwin.ini) — monitor HTTP GET requests to this path for path traversal sequences.
  • Successful exploitation returns HTTP 200 with Content-Type 'application/octet-stream' and body containing win.ini markers ('bit app support', 'fonts', 'extensions') — alert on this response pattern from the $SCHEMAS$ endpoint.
  • The vulnerability is unauthenticated — no session or credentials are required. Any request to the $SCHEMAS$ resource with a Filename parameter pointing outside the web root should be treated as suspicious.
  • Use Shodan/FOFA to identify exposed MPDV instances: search for http.html:"MPDV" or body="MPDV" to enumerate attack surface.
  • ·Affected versions are all releases up to and including Maintenance Pack 36 with Servicepack 8 (week 36/2025) for HYDRA X, MIP 2, and FEDRA 2 — patched versions beyond this threshold are not vulnerable.
  • ·The nuclei template notes 'exploit requires local access', but the CVSS vector is AV:N (network-accessible) — verify network exposure of the $SCHEMAS$ endpoint in your environment before assuming local-only risk.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.