CRITICAL🇵🇱 Wersja polska

CVE-2025-46658

CVSS 9.8v3.1pub. 2025-08-05upd. 2025-10-02

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.

🤖 AI Analysis
How it works

The ExonautWeb application in version 21.6 returns detailed, verbose error messages to the user. Such messages can disclose sensitive information about infrastructure, server configuration, system paths, technology stack, or database structure. This information can then be used by an attacker to prepare more precise attacks on the system.

Impact

An unauthenticated attacker operating remotely can obtain sensitive technical information about the application and server environment, which may facilitate further attacks leading to violations of system confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to configure the application so that it does not expose detailed error messages to end users — technical errors should be logged exclusively on the server side.

Who is affected

4C Strategies Exonaut version 21.6 (ExonautWeb component)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 4cstrategies Exonaut

    APP
    4Cstrategies
    21.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-46659HIGH7.5ten sam produkt

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an e...

CVE-2024-55401MEDIUM6.5ten sam produkt

An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.

CVE-2024-55398MEDIUM6.5ten sam produkt

4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.

CVE-2024-55399MEDIUM6.5ten sam produkt

4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).

CVE-2024-55402MEDIUM5.3ten sam produkt

4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.