ExaGrid EX10 Backup Appliance SMTP Credential Disclosure Vulnerability

Vulnerability Information

Vulnerability name: ExaGrid EX10 Backup Appliance SMTP Credential Disclosure Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-29557

Vulnerability type: Information disclosure

Severity: High

Vulnerability description: The ExaGrid EX10 backup appliance is an enterprise-grade backup solution widely used for data protection and disaster recovery. The appliance manages its SMTP configuration, used to send alert and support emails, through its MailConfiguration API endpoint. The vulnerability allows an authenticated user with operator-level privileges to send a crafted HTTP request to the MailConfiguration API endpoint and obtain the full JSON response, which contains the SMTP username and password in plaintext. The root cause is insufficient access control on the API endpoint, which fails to properly restrict access to sensitive information. Because SMTP credentials are typically used for internal or cloud-based mail services, an attacker can use the leaked credentials for further intrusion, such as sending malicious emails or accessing other systems. In addition, storing passwords in plaintext violates basic credential protection principles and may lead to compliance issues. Exploitation requires authentication, but operator-level privileges may be fairly common in many organizations, so the risk is high. Users are advised to upgrade to a fixed version promptly and to monitor access logs for the MailConfiguration API to detect credential leakage.

Vendor: ExaGrid

Product name: ExaGrid EX10 Backup Appliance

Affected versions: 6.3 <= version <= 7.0.1.P08

Source: https://github.com/0xsu3ks/CVE-2025-29557

Type: CVE-2025:github search

Repository files

  • README.md

Source overview

CVE-2025-29557 – ExaGrid MailConfiguration API Credential Disclosure

📝 Overview

Vulnerability Title: SMTP Credential Disclosure via MailConfiguration API
Product: ExaGrid EX10 Backup Appliance
Versions Affected: 6.3 – 7.0.1.P08
CVE ID: CVE-2025-29557
Severity: High
Attack Vector: Remote (Authenticated)
Impact: Information Disclosure – Plaintext SMTP Credentials


🧨 Description

A critical access control flaw exists in the MailConfiguration API endpoint of ExaGrid EX10 appliances. Authenticated users with operator-level privileges can send a crafted HTTP request to this endpoint and receive SMTP configuration details — including plaintext SMTP passwords.

This represents a clear violation of privilege boundaries, as operator roles are not intended to have access to sensitive credentials.


🔬 Attack Vectors

🔹 Direct API Request Manipulation

  • A user with operator-level access sends a GET request to the MailConfiguration API.
  • The API returns a full JSON payload containing SMTP usernames and passwords in plaintext.

🔹 API Scraping or Enumeration

  • An attacker with programmatic access can query multiple appliances or endpoints at scale.
  • Enables credential harvesting across environments, especially in large deployments.

📦 Affected Components

  • Product: ExaGrid EX10
  • Component: MailConfiguration API
  • Versions: 6.3 through 7.0.1.P08

📉 Impact

  • Confidentiality breach: Disclosure of plaintext credentials used for outbound email (alerting, support).
  • Pivoting: Possible access to internal or cloud-based SMTP services.
  • Compliance violation: Violation of basic credential protection practices (e.g., storing secrets in plaintext).

🛡️ Mitigation

  • Upgrade to the latest patched version once available.
  • Remove unnecessary SMTP configurations or use tokens where supported.
  • Monitor API access logs for MailConfiguration queries from operator accounts.
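As an added example (not part of the advisory or the researcher's repository), a small defender-side check that implements the log-monitoring mitigation above: it flags successful MailConfiguration reads by non-admin accounts, and accounts that read it from several appliances, the scraping pattern listed under Attack Vectors. The JSON-lines log format, its field names, the `/api/MailConfiguration` path and the host threshold are assumptions, since the advisory does not give them.

```python
import json
from collections import defaultdict

# Constructed sample access-log lines (not real ExaGrid logs). The real log format
# and the exact MailConfiguration URL path are not given in the advisory; both are assumed.
SAMPLE_LOGS = """\
{"ts":"2025-07-30T10:00:01Z","host":"exagrid-01","user":"alice","role":"admin","method":"GET","path":"/api/MailConfiguration","status":200}
{"ts":"2025-07-30T10:00:05Z","host":"exagrid-01","user":"bob","role":"operator","method":"GET","path":"/api/MailConfiguration","status":200}
{"ts":"2025-07-30T10:00:09Z","host":"exagrid-02","user":"bob","role":"operator","method":"GET","path":"/api/MailConfiguration","status":200}
{"ts":"2025-07-30T10:00:12Z","host":"exagrid-03","user":"bob","role":"operator","method":"GET","path":"/api/MailConfiguration","status":200}
{"ts":"2025-07-30T10:00:20Z","host":"exagrid-01","user":"carol","role":"operator","method":"GET","path":"/api/Status","status":200}
{"ts":"2025-07-30T10:01:00Z","host":"exagrid-02","user":"dave","role":"operator","method":"GET","path":"/api/MailConfiguration","status":200}
"""

ENDPOINT_MARKER = "MailConfiguration"  # assumed fragment of the endpoint path
SCRAPE_HOST_THRESHOLD = 3              # distinct appliances read by one account

def parse_logs(text):
    """Parse a JSON-lines access log into dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def find_operator_reads(events):
    """Successful GETs of the mail configuration by any account that is not an admin."""
    return [e for e in events
            if ENDPOINT_MARKER in e.get("path", "")
            and e.get("method") == "GET"
            and e.get("status") == 200
            and e.get("role") != "admin"]

def find_scrapers(events, threshold=SCRAPE_HOST_THRESHOLD):
    """Accounts that pulled the mail configuration from >= threshold distinct appliances."""
    hosts_by_user = defaultdict(set)
    for e in find_operator_reads(events):
        hosts_by_user[e["user"]].add(e["host"])
    return {u: sorted(h) for u, h in hosts_by_user.items() if len(h) >= threshold}

if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for e in find_operator_reads(evs):
        print(f"ALERT mail config read by {e['role']} {e['user']} on {e['host']} at {e['ts']}")
    for user, hosts in find_scrapers(evs).items():
        print(f"ALERT possible credential harvesting by {user} across {hosts}")
```

Feed it your appliances' real access logs once you have mapped their field names onto the assumed ones; any hit from an operator account on an unpatched appliance should be treated as a likely SMTP credential exposure.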

✅ Vendor Status

  • Confirmed and acknowledged by ExaGrid.

👨‍💻 Discoverer

Security Researcher – Kevin Suckiel – 0xsu3ks
Discovered and responsibly disclosed CVE-2025-29557.


This content is provided for educational and authorized testing purposes only.
The author assumes no liability for misuse or unauthorized access.


http://example.com/2025/07/30/github_1553395960/
Author
lianccc
Published on
July 30, 2025
License