CVE-2025-48045

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.

CVSS

No CVSS.

References

Link	Resource
https://www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/

Configurations

No configuration.

History

29 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-29 13:15

Updated : 2025-05-29 14:29

NVD link : CVE-2025-48045

Mitre link : CVE-2025-48045

CVE.ORG link : CVE-2025-48045

JSON object : View

Products Affected

No product.

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data