{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67223", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-28T15:56:56.925Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-04-28T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-28T14:21:14.484Z"}, "descriptions": [{"lang": "en", "value": "The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html"}, {"url": "https://arandasoft.com/en/productos/aranda-service-management/"}, {"url": "https://github.com/brandonperezlara/CVE-2025-67223"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-377", "lang": "en", "description": "CWE-377 Insecure Temporary File"}]}], "references": [{"url": "https://github.com/brandonperezlara/CVE-2025-67223", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T15:53:23.961090Z", "id": "CVE-2025-67223", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:56:56.925Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67223", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T15:53:23.961090Z"}}}], "references": [{"url": "https://github.com/brandonperezlara/CVE-2025-67223", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-377", "description": "CWE-377 Insecure Temporary File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:54:28.704Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html"}, {"url": "https://arandasoft.com/en/productos/aranda-service-management/"}, {"url": "https://github.com/brandonperezlara/CVE-2025-67223"}], "descriptions": [{"lang": "en", "value": "The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-28T14:21:14.484Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67223", "state": "PUBLISHED", "dateUpdated": "2026-04-28T15:56:56.925Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-28T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII."}], "id": "CVE-2025-67223", "lastModified": "2026-04-28T20:18:13.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-28T15:16:06.033", "references": [{"source": "cve@mitre.org", "url": "https://arandasoft.com/en/productos/aranda-service-management/"}, {"source": "cve@mitre.org", "url": "https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html"}, {"source": "cve@mitre.org", "url": "https://github.com/brandonperezlara/CVE-2025-67223"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/brandonperezlara/CVE-2025-67223"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}, {"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T19:35:21.005474+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest update, version 8.3.12 or newer, which removes the publicly accessible log directory and randomizes file names.", "If an upgrade cannot be performed immediately, restrict the log directory\u2019s permissions so that it is accessible only to authenticated users and/or silence the logging of file names from the web\u2011accessible area.", "Audit and delete any existing logs or files in the directory that contain sensitive documents to eliminate the risk of accidental exposure."], "summary": {"action": "Patch Now", "impact": "Information Disclosure of PII"}, "threat_synthesis": {"affected_systems": "Aranda Software Aranda Service Desk installations using the File Server component prior to version 8.3.12 are affected. The vulnerability exists in the component that stores logs with predictable names in a directory available to anyone with network access.", "description_and_impact": "The Aranda File Server component writes daily activity logs to a publicly accessible directory with predictable file names. This design flaw allows unauthenticated remote attackers to discover virtual paths of uploaded documents and bypass user\u2011level access controls to download files containing personal data. The weakness aligns with CWE\u2011532, as log files are exposed to unauthorized users, and CWE\u2011377, due to the insecure, deterministic generation of critical information like log paths.", "risk_and_exploitability": "The CVSS score is 7.5, indicating a moderate to high severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attacker does not need authentication, and the file names are foreseeable, the exploit is straightforward once the target is identified. The ability to retrieve protected documents that contain personally identifiable information elevates the risk level for exposed systems."}}}}, "created": "2026-04-28T19:45:07.589663+00:00", "title": "Unrestricted Access to Sensitive Files via Predictable Log Names in Aranda File Server", "updated": "2026-04-28T19:45:07.589674+00:00", "vendors": []}