PT-2025-38740 · Creacast · Creabox Manager
Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-57430
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Creacast Creabox Manager version 4.4.4
Description
The software exposes sensitive configuration data through a publicly accessible endpoint. Accessing the /get endpoint returns internal configuration details, including the creacodec.lua file, which contains admin credentials in plaintext.
Recommendations
Restrict access to the /get endpoint.
Secure the creacodec.lua file to prevent unauthorized access to admin credentials.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Creabox Manager
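To check whether the recommended restriction on /get is actually in effect, the following added example (not part of the advisory or of any vendor code) audits access-log lines for /get requests coming from outside a management network. It assumes a reverse proxy in front of Creabox Manager writing combined-format access logs; the network range, function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: networks allowed to reach /get (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Combined log format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_get_endpoint(target):
    """True when the request path (query string removed) is exactly /get."""
    path = target.split("?", 1)[0].rstrip("/")
    return path == "/get"

def audit_get_access(lines, allowed=MGMT_NETS):
    """Return (ip, timestamp, status, verdict) for /get requests from outside `allowed`."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_get_endpoint(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname or malformed
        if any(src in net for net in allowed):
            continue
        status = int(m["status"])
        # A 2xx answer to an outside address means the configuration was served.
        verdict = "served" if 200 <= status < 300 else "refused"
        findings.append((str(src), m["ts"], status, verdict))
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.20.0.15 - - [22/Sep/2025:09:01:12 +0000] "GET /get HTTP/1.1" 200 4312 "-" "curl/8.5.0"',
    '198.51.100.7 - - [22/Sep/2025:09:04:40 +0000] "GET /get HTTP/1.1" 200 4312 "-" "-"',
    '203.0.113.9 - - [22/Sep/2025:09:06:02 +0000] "GET /get?x=1 HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.9 - - [22/Sep/2025:09:06:05 +0000] "GET /getting-started HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for finding in audit_get_access(SAMPLE_LOG):
        print(finding)
```

A "served" finding means the configuration reached an address outside the management network, so the admin credentials stored in creacodec.lua should be treated as exposed and rotated.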