Unleash the Chaos: Unauthenticated File Disclosure Strikes HYDRA X!
Got some files you don’t want others to read? Well, if you’re using HYDRA X, MIP 2, or FEDRA 2, you might be out of luck. A juicy unauthenticated local file disclosure vulnerability (CVE-2025-12055) could let anyone with a browser and a dream access your Windows files. Patch it up, pronto!
Hot Take:
In the latest episode of “Oops, I Did It Again,” MPDV’s HYDRA X MES system has been caught with its files down! It seems that this manufacturing execution system has a slight problem with keeping secrets—particularly those pesky local files on Windows. Talk about airing your dirty laundry in public! Time to patch up and close those wardrobe doors before the skeletons—uh, files—come tumbling out!
Key Points:
- An unauthenticated local file disclosure vulnerability (CVE-2025-12055) affects MPDV’s HYDRA X MES system.
- The vulnerability allows attackers to read arbitrary files from the Windows OS without needing authorization.
- Vulnerable versions include 10.14.STD and MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8 until maintenance pack week 35/2025.
- Patch available in the vendor’s support portal from maintenance pack week 36/2025.
- No workaround exists; immediate installation of the patch is recommended.
Already a member? Log in here