CVE-2025-48046

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.

CVSS

No CVSS.

References

Link	Resource
https://www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/

Configurations

No configuration.

History

29 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-29 13:15

Updated : 2025-05-29 14:29

NVD link : CVE-2025-48046

Mitre link : CVE-2025-48046

CVE.ORG link : CVE-2025-48046

JSON object : View

Products Affected

No product.

CWE

CWE-260

Password in Configuration File