Home / Vulnerability Intelligence / CVE-2025-67223

CVE-2025-67223 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: April 28, 2026

Aranda Software Aranda Service Desk - Information Disclosure

Published: April 28, 2026Updated: April 28, 2026PoC AvailableRemote Exploitable

Overview

Aranda Software Aranda Service Desk < 8.3.12 contains an information disclosure caused by predictable daily activity log file names in a public directory, letting unauthenticated remote attackers access sensitive documents with PII, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 7.5

Impact

Unauthenticated remote attackers can access sensitive documents containing PII, leading to information disclosure.

Mitigation

Update to version 8.3.12 or later.

References

https://github.com/brandonperezlara/CVE-2025-67223
https://arandasoft.com/en/productos/aranda-service-management/
https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-67223
Severity: High
CVSS Score: 7.5
Type: information_disclosure
Status: new

CWE

CWE-377

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N