cbcvebase.
CVE-2025-34119
published 2025-07-16

Priority P2 (66) | high | 8.8 CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.52% (71.4th percentile)
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.

Affected

1 range
Vendor: tinasoft
Product: easycafe_server
Version range: (none given)
Fixed in: (none given)

Detection & IOCs (extracted from sources)

port: 831/TCP
version: EasyCafe Server 2.2.14
bytes: opcode 0x43
  • Monitor for unauthenticated inbound TCP connections to port 831, particularly from external/untrusted sources, which may indicate exploitation attempts against EasyCafe Server.
  • Inspect TCP payloads on port 831 for the presence of opcode byte 0x43 followed by an absolute file path string, which is the hallmark of a CVE-2025-34119 exploitation attempt.
  • Alert on EasyCafe Server processes returning file contents over TCP/831 to unauthenticated sessions — successful exploitation results in file content being returned without authentication.
  • Note: if the requested file does not exist, the server will generate a popup messagebox — this side-effect on the host can serve as an indicator of active probing/exploitation.
  • Vulnerability is confirmed only against EasyCafe Server 2.2.14 in Trial and Demo modes; behavior on other versions or licensing modes is unverified.
  • The exploit targets Windows environments (XP SP3 and Windows 7 SP1 confirmed); detection rules should account for the Windows file path format (e.g., absolute paths with drive letters) in the TCP/831 payload.
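
The payload check described in the list above, as an added detection sketch (not code from this page or from any vendor). It assumes the opcode byte is immediately followed by the path in a single-byte encoding; the Segment record, the TRUSTED_NETS list and the sample traffic are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

EASYCAFE_PORT = 831  # from the advisory
# Assumption: site-specific list of networks treated as internal.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Opcode 0x43 is also ASCII 'C', so a bare byte match would fire on any
# "C:\..." string. Require the opcode AND a drive-letter path after it.
# Assumption: the path directly follows the opcode, single-byte encoded.
_REQUEST = re.compile(rb"\x43([A-Za-z]:[\\/][\x20-\x7e]+)")

class Segment(NamedTuple):  # hypothetical record from a sensor or pcap export
    src: str
    dst_port: int
    payload: bytes

def requested_path(payload: bytes) -> Optional[str]:
    """Return the absolute path asked for by a 0x43 request, else None."""
    m = _REQUEST.search(payload)
    return m.group(1).decode("ascii") if m else None

def triage(segments):
    """Return (src, path, origin) for each suspicious client-to-server segment."""
    alerts = []
    for seg in segments:
        if seg.dst_port != EASYCAFE_PORT:
            continue
        path = requested_path(seg.payload)
        if path is None:
            continue
        addr = ipaddress.ip_address(seg.src)
        origin = "internal" if any(addr in n for n in TRUSTED_NETS) else "external"
        alerts.append((seg.src, path, origin))
    return alerts

# Constructed sample traffic, not captured from a real server.
SAMPLES = [
    Segment("203.0.113.7", 831, b"\x43C:\\WINDOWS\\system.ini\x00\x00"),
    Segment("10.0.0.21", 831, b"\x43D:\\data\\example.txt"),
    Segment("10.0.0.22", 831, b"C:\\path\\without\\opcode"),  # no opcode byte
    Segment("203.0.113.7", 445, b"\x43C:\\WINDOWS\\system.ini"),  # other port
    Segment("10.0.0.23", 831, b"\x01\x02\x43\x00\x00"),  # opcode, no path
]

if __name__ == "__main__":
    for alert in triage(SAMPLES):
        print(alert)
```

Run it against reassembled client-to-server payloads rather than single packets, since a path split across segments would not match.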