CVE-2025-48045
published 2025-05-29CVE-2025-48045: An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
PriorityP354high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.57%
43.0th percentile
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mici_network_co_ltd | netfax_server | < 3.0.1.0 | 3.0.1.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M2 (CVE-2025-48047)
suricata·2025-05-29·CVSS 9.4
CVE-2025-48047 [CRITICAL] ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M2 (CVE-2025-48047)
ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M2 (CVE-2025-48047)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M2 (CVE-2025-48047)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/test.php"; startswith; http.request_body; content:"g_ETHNAMESERVER2|3d|"; fast_pattern; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/; reference:cve,2025-48047; classtype:attempted-admin; sid:2062632; rev:1; metadata:affected_product NetFax, attack_
Suricata
ET WEB_SPECIFIC_APPS Netfax client.php Admin Credentials Disclosure Attempt (CVE-2025-48045)
suricata·2025-05-29·CVSS 8.7
CVE-2025-48045 [HIGH] ET WEB_SPECIFIC_APPS Netfax client.php Admin Credentials Disclosure Attempt (CVE-2025-48045)
ET WEB_SPECIFIC_APPS Netfax client.php Admin Credentials Disclosure Attempt (CVE-2025-48045)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Netfax client.php Admin Credentials Disclosure Attempt (CVE-2025-48045)"; flow:established,to_server; flowbits:set,ET.Netfax.Info_disclosure; http.method; content:"GET"; http.uri; content:"/client.php?"; startswith; content:"_dc"; content:"_type|3d|info"; fast_pattern; reference:url,www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/; reference:cve,2025-48045; classtype:attempted-admin; sid:2062628; rev:1; metadata:affected_product NetFax, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_05_29, cve CVE_2025_48045, deployment
Suricata
ET WEB_SPECIFIC_APPS Netfax client.php Successful Admin Credentials Disclosure Response (CVE-2025-48045)
suricata·2025-05-29·CVSS 8.7
CVE-2025-48045 [HIGH] ET WEB_SPECIFIC_APPS Netfax client.php Successful Admin Credentials Disclosure Response (CVE-2025-48045)
ET WEB_SPECIFIC_APPS Netfax client.php Successful Admin Credentials Disclosure Response (CVE-2025-48045)
Rule: alert http $HOME_NET any -> any any (msg:"ET WEB_SPECIFIC_APPS Netfax client.php Successful Admin Credentials Disclosure Response (CVE-2025-48045)"; flow:established,to_client; flowbits:isset,ET.Netfax.Info_disclosure; http.stat_code; content:"200"; http.response_body; content:"|22|username|3d|"; content:"|3b|password|3d|"; content:"|22|name|22 3a 20 22|NetFax"; fast_pattern; content:"|22|file|22 3a 20 22|client/setup.desc|22|"; reference:url,www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/; reference:cve,2025-48045; classtype:trojan-activity; sid:2062629; rev:1; metadata:affected_product NetFax
Suricata
ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M1 (CVE-2025-48047)
suricata·2025-05-29·CVSS 9.4
CVE-2025-48047 [CRITICAL] ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M1 (CVE-2025-48047)
ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M1 (CVE-2025-48047)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M1 (CVE-2025-48047)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/test.php?"; startswith; content:"g_ETHNAMESERVER2|3d|"; fast_pattern; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/; reference:cve,2025-48047; classtype:attempted-admin; sid:2062631; rev:1; metadata:affected_product NetFax, attack_target Networking_E
Suricata
ET WEB_SPECIFIC_APPS Netfax config.php Successful SMTP Disclosure Response (CVE-2025-48046)
suricata·2025-05-29·CVSS 5.3
CVE-2025-48046 [MEDIUM] ET WEB_SPECIFIC_APPS Netfax config.php Successful SMTP Disclosure Response (CVE-2025-48046)
ET WEB_SPECIFIC_APPS Netfax config.php Successful SMTP Disclosure Response (CVE-2025-48046)
Rule: alert http $HOME_NET any -> any any (msg:"ET WEB_SPECIFIC_APPS Netfax config.php Successful SMTP Disclosure Response (CVE-2025-48046)"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|22|g_MAILSMTP|22 3a 22|"; fast_pattern; content:"|22|g_SMTPUSER|22 3a 22|"; content:"|22|g_SMTPPASSWORD|22 3a 22|"; reference:url,www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/; reference:cve,2025-48046; classtype:trojan-activity; sid:2062630; rev:1; metadata:affected_product NetFax, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_05_29, cve CVE_2025_48046, dep
No public exploits indexed.
No writeups or analysis indexed.
2025-05-29
Published