PT-2025-34601 · Unknown · Minova Tta
Stefan Mettler · Published 2025-08-25 · Updated 2025-08-25 · CVE-2025-7426
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
MINOVA TTA version 11.17.0
Description:
The MINOVA TTA service exposes FTP authentication credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts that contain sensitive internal data and import structures. Debug ports 1602, 1603, and 1636 also expose service architecture information and system activity logs. In environments where the FTP server is integrated into automated business processes such as EDI or data integration, this could lead to data manipulation, extraction, or abuse.
Recommendations:
MINOVA TTA version 11.17.0: Isolate or disable debug ports 1602, 1603, 1604, and 1636.
MINOVA TTA version 11.17.0: Rotate FTP credentials.
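To confirm the first recommendation has taken effect, the following added example (not part of the advisory or of the vendor's tooling) checks whether debug ports 1602, 1603, 1604, and 1636 still accept TCP connections on hosts you operate. The function names and the script name check_tta_ports.py are assumptions made for this example; it only completes a TCP handshake and reads nothing from the port.

```python
"""Added example: confirm the MINOVA TTA debug ports are no longer reachable."""
import socket
import sys

# Debug ports named in the advisory for MINOVA TTA 11.17.0.
DEBUG_PORTS = (1602, 1603, 1604, 1636)


def port_state(host, port, timeout=2.0):
    """Return 'open', 'closed' (refused) or 'filtered' (no answer, unreachable
    or unresolvable). Only a TCP handshake is attempted; no data is read or sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"


def audit(hosts, ports=DEBUG_PORTS, timeout=2.0):
    """Return the (host, port) pairs that still accept connections."""
    exposed = []
    for host in hosts:
        for port in ports:
            if port_state(host, port, timeout) == "open":
                exposed.append((host, port))
    return exposed


def main(argv):
    # Hosts are given on the command line: the TTA servers you administer.
    if len(argv) < 2:
        print("usage: check_tta_ports.py HOST [HOST ...]")
        return 2
    exposed = audit(argv[1:])
    for host, port in exposed:
        print(f"EXPOSED {host}:{port} still accepts TCP connections")
    if not exposed:
        print("OK: none of the debug ports accepted a connection")
    return 1 if exposed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a network segment that should have no access to the service; a non-zero exit status means at least one debug port is still reachable from there.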
Exploit
Fix
Cleartext Storage of Sensitive Information
Insertion into Log File
Information Disclosure
Affected Products
Minova Tta