CVE-2025-9139

A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower."

CVSS

No CVSS.

References

Link	Resource
https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc
https://vuldb.com/?ctiid.320519
https://vuldb.com/?id.320519
https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md
https://vuldb.com/?submit.621062
https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc
https://vuldb.com/?submit.621062

Configurations

No configuration.

History

19 Aug 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?submit.621062 -~~	() https://vuldb.com/?submit.621062 -
CWE	CWE-284 CWE-200
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : unknown

19 Aug 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 13:15

Updated : 2025-08-19 14:15

NVD link : CVE-2025-9139

Mitre link : CVE-2025-9139

JSON object : View

Products Affected

No product.

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc", "name": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.320519", "name": "VDB-320519 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.320519", "name": "VDB-320519 | Scada-LTS WatchListDwr.init.dwr information disclosure", "tags": [], "refsource": ""}, {"url": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md", "name": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.621062", "name": "Submit #621062 | SCADA-LTS Scada-LTS 2.7.8.1 Exposure of Private Personal Information to an Unauthorized Acto", "tags": [], "refsource": ""}, {"url": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc", "name": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.621062", "name": "https://vuldb.com/?submit.621062", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: \"[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower.\""}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-9139", "ASSIGNER": "cna@vuldb.com"}}, "impact": {}, "publishedDate": "2025-08-19T13:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-19T14:15Z"}