CVE-2025-12055
Published 2025-10-27
Priority P178 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.65% (88.2th percentile)
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ resource is vulnerable and can be exploited easily.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mpdv_mikrolab_gmbh | fedra_2 | — | — |
| mpdv_mikrolab_gmbh | hydra_x | — | — |
| mpdv_mikrolab_gmbh | mip_2 | — | — |
Detection & IOCs (extracted from sources)
sigma
shodan-query: http.html:"MPDV"
yara
contains_all(body, "bit app support", "fonts", "extensions") AND contains(content_type, "application/octet-stream") AND status_code == 200
- Exploit targets the GET endpoint /hx/resources/public/$SCHEMAS$ with a 'Filename' parameter containing a URL-encoded Windows path (e.g., c%3a%5cwindows%5cwin.ini) — monitor HTTP GET requests to this path for path traversal sequences.
- Successful exploitation returns HTTP 200 with Content-Type 'application/octet-stream' and body containing win.ini markers ('bit app support', 'fonts', 'extensions') — alert on this response pattern from the $SCHEMAS$ endpoint.
- The vulnerability is unauthenticated — no session or credentials are required. Any request to the $SCHEMAS$ resource with a Filename parameter pointing outside the web root should be treated as suspicious.
- Use Shodan/FOFA to identify exposed MPDV instances: search for http.html:"MPDV" or body="MPDV" to enumerate attack surface.
- Affected versions are all releases up to and including Maintenance Pack 36 with Servicepack 8 (week 36/2025) for HYDRA X, MIP 2, and FEDRA 2 — patched versions beyond this threshold are not vulnerable.
- The nuclei template notes 'exploit requires local access', but the CVSS vector is AV:N (network-accessible) — verify network exposure of the $SCHEMAS$ endpoint in your environment before assuming local-only risk.
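
The request-side checks from the notes above, written as a log filter. This is an added example, not part of the original page and not vendor or scanner code. It assumes combined-format access logs, that `Filename` arrives as a query-string parameter, and that legitimate values are relative file names; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/hx/resources/public/$schemas$"  # endpoint named on this page, lower-cased
REQ_RE = re.compile(r'^(?P<ip>\S+) .*?"GET (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Drive-letter path, rooted/UNC path, or a ".." path segment.
OUTSIDE_ROOT = re.compile(r'^[a-z]:|^[\\/]|(^|[\\/])\.\.([\\/]|$)', re.I)

def fully_unquote(value, rounds=3):
    """Percent-decode until stable so nested encoding is normalised before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return a finding for a suspicious $SCHEMAS$ request, else None."""
    m = REQ_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if fully_unquote(parts.path).lower().rstrip("/") != ENDPOINT:
        return None
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_unquote(raw)
        if key.lower() == "filename" and OUTSIDE_ROOT.search(value):
            # HTTP 200 means a file was probably returned: prioritise these hits.
            return {"ip": m["ip"], "filename": value, "served": m["status"] == "200"}
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Oct/2025:10:01:02 +0000] "GET /hx/resources/public/$SCHEMAS$?Filename=c%3a%5cwindows%5cwin.ini HTTP/1.1" 200 92',
    '203.0.113.7 - - [27/Oct/2025:10:01:05 +0000] "GET /hx/resources/public/%24SCHEMAS%24?filename=..%5cnotes.txt HTTP/1.1" 404 0',
    '198.51.100.4 - - [27/Oct/2025:10:02:00 +0000] "GET /hx/resources/public/$SCHEMAS$?Filename=order.xsd HTTP/1.1" 200 512',
    '198.51.100.4 - - [27/Oct/2025:10:02:09 +0000] "GET /hx/index.html?Filename=c%3a%5cx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs rarely record the response Content-Type, so the `application/octet-stream` and win.ini-marker check described above still needs a proxy or WAF that inspects responses.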
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck · 7.5 HIGH
GHSA
GHSA-mphm-qj4m-rgxx: HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance
ghsa_unreviewed·2025-10-27
CVE-2025-12055 [HIGH] CWE-22 GHSA-mphm-qj4m-rgxx
VulnCheck
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2025·CVSS 7.5
Affected: MPDV HYDRA X/MIP 2/FEDRA 2
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2025-12055
No detection rules found.
Nuclei
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
nuclei·CVSS 7.5
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 <= Maintenance Pack 36 with Servicepack 8 (week 36/2025) contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows OS files, exploit requires local access.
Template:
```yaml
id: CVE-2025-12055
info:
  name: MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
  author: theamanrawat
  severity: high
  description: |
    MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 <= Maintenance Pack 36 with Servicepack 8 (week 36/2025) contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $S
```
No writeups or analysis indexed.