QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34119

Published: Jul 16, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.

Vendor	Product	Versions
Tinasoft	EasyCafe Server	affected `2.2.14`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb

exploit

https://www.exploit-db.com/exploits/39102

exploit

https://www.vulncheck.com/advisories/easy-cafe-server-remote-file-disclosure

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.