PT-2025-47945 · Millensys · Millensys Vision Tools Workspace
Khaled Al-Refaee +1 · Published 2025-11-24 · Updated 2025-12-30 · CVE-2025-63958
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MILLENSYS Vision Tools Workspace version 6.5.0.2585
Description
MILLENSYS Vision Tools Workspace version 6.5.0.2585 has a configuration endpoint, /MILLENSYS/settings, that does not require authentication. Accessing this endpoint reveals sensitive information including plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can obtain this information by directly accessing the endpoint, potentially leading to full system compromise. The issue is caused by a lack of access controls on a privileged administrative function.
Recommendations
Apply access controls to the /MILLENSYS/settings endpoint to prevent unauthenticated access.
Exploit
Fix
Improper Access Control
Information Disclosure
Missing Authentication
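To check whether the endpoint described above is still being served to unauthorized clients, the following added example (not part of the original advisory or the vendor's code) scans web access logs for successful responses on /MILLENSYS/settings. It assumes Common Log Format from a web server or proxy in front of the product, a hypothetical admin network of 10.20.0.0/28, and that the server may treat path case, encoding and extra slashes as equivalent.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/millensys/settings"  # endpoint from the advisory, lower-cased
# Assumption: the only hosts that should ever read the settings page.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]
# Assumption: Common Log Format written by a server or proxy in front of the product.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def normalize(target):
    """Drop the query string, percent-decode, collapse // and dot segments,
    and ignore case and a trailing slash so path variants compare equal."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_admin(ip_text, admin_nets):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or garbage in the client field: not trusted
        return False
    return any(ip in net for net in admin_nets)

def exposed_reads(lines, admin_nets=ADMIN_NETS):
    """Return (client, target, status) for every 2xx response on the settings
    endpoint that went to a client outside the admin networks."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize(m["target"]) != SENSITIVE_PATH:
            continue
        if m["status"].startswith("2") and not is_admin(m["ip"], admin_nets):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '203.0.113.7 - - [24/Nov/2025:10:01:02 +0000] "GET /MILLENSYS/settings HTTP/1.1" 200 5120',
    '10.20.0.5 - - [24/Nov/2025:10:02:00 +0000] "GET /MILLENSYS/settings HTTP/1.1" 200 5120',
    '198.51.100.9 - - [24/Nov/2025:10:03:10 +0000] "GET /millensys/%73ettings/?x=1 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [24/Nov/2025:10:03:15 +0000] "GET /MILLENSYS/settings HTTP/1.1" 403 120',
    '203.0.113.7 - - [24/Nov/2025:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in exposed_reads(SAMPLE):
        print(hit)
```

Any hit means the settings page, and the credentials it contains, was returned to that client, so the database and file share credentials it exposes should be treated as disclosed and rotated.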
Related Identifiers
Affected Products
Millensys Vision Tools Workspace