CVE-2025-4364
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
INFO
Published Date: May 20, 2025, 6:15 p.m.
Last Modified: April 15, 2026, 12:35 a.m.
Remotely Exploitable: Yes
Source: [email protected]
Affected Products
The following products are affected by the CVE-2025-4364 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 4.0 | HIGH | | | | [email protected] |
Solution
- Review and restrict access controls to system information.
- Implement least privilege for user accounts.
- Harden system configurations to prevent unauthorized access.
Public PoC/Exploit Available at Github
CVE-2025-4364 has 23 public PoCs/exploits available on GitHub.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-4364.
| URL | Resource |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11 | |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-4364 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-4364 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
Multi-source AI infrastructure discovery for government TLDs — CT logs + Shodan + DNS + Ollama fingerprinting with Mullvad VPN guard
ai-security certificate-transparency government ollama osint security shodan llm nicholas-kloster nuclide bug-bounty cli golang visor
Go
Agentic LLM injection benchmark — VisorCorpus payload delivery, VisorSD target discovery, HIT/MISS matrix per vector
agentic-ai ai-security golang llm llm-security nuclide pentest prompt-injection red-team visor nicholas-kloster agentic bug-bounty cli
Go Python HTML
Process injection detection benchmark: NtMapViewOfSection + WriteProcessMemory, Sysmon pass/fail per event ID
edr-detection golang malware-research nuclide process-injection red-team sysmon visor windows detection-benchmark nicholas-kloster bug-bounty cli detection-engineering etw
Go
Unified AI/LLM infrastructure hunt & assessment CLI. Orchestrates JAXEN, VisorSD, VisorCorpus, BARE, and aimap
Go
Go toolkit + library: structured adversarial corpora for LLM/RAG safety + quality testing. Prompt injection, KB exfiltration, jailbreak, system-prompt probing. CI/CD-ready.
adversarial-testing corpus-generation go-cli llm-security prompt-injection rag-security rag-testing red-team safety-evaluation adversarial-ml ai-security corpus golang nuclide visor nicholas-kloster cli defensive-ai jailbreak
Go
Shodan exposure scanner + adversarial RAG security testing toolkit
ai-security golang llm-security nuclide osint reconnaissance red-team shodan visor exposure-scanner nicholas-kloster bug-bounty cli pentest
Go
Agentic recon CLI: RAG-grounded LLM drives 6 live tools (VisorGraph, aimap, BARE, nuclei, Menlo-hunt, OSV-scan) with every probe sandboxed in gVisor
agentic ai-security gvisor llm osint rag reconnaissance security nicholas-kloster agent bug-bounty cli golang nuclide visor
Go
JAXEN is a stateful, Go-based reconnaissance framework designed to map modern enterprise attack surfaces. Powered by Shodan + local SQLite DB, it specializes in AI/LLM infrastructure hunting, enterprise gateway enumeration (Menlo Security), continuous diffing, and deep TLS certificate forensics.
ai-infrastructure certificate-analysis cloud-security enterprise-security osint reconnaissance shodan threat-hunting nicholas-kloster bug-bounty cli golang nuclide pentest red-team visor
Go Python
High-performance infrastructure mapping and security recon engine with native gVisor sandboxing and Go Vuln DB integration.
ai-security asset-discovery attack-surface-management automation bug-bounty cybersecurity go golang infrastructure-mapping network-security osint recon red-teaming security-tools threat-intelligence vulnerability-detection vulnerability-scanner active-reconnaissance nuclide nicholas-kloster
Makefile Go Shell
GCP External Attack Surface Management (EASM) — Zero-knowledge, 5-phase recon with automated attack chain detection.
attack-chain cloud-security gcp golang google-cloud pentest red-team vulnerability-scanner devsecops easm nicholas-kloster bug-bounty cli nuclide visor
Go
Claude Savant allows unlimited memory.md capacity
anthropic claude claude-ai claude-code external-memory gist llm llm-memory memory persistent-memory nicholas-kloster nuclide prompt-engineering
OWASP LLM08 (Excessive Agency) — Claude Opus 4.7 in Anthropic's sandbox executed production Fastly CDN changes; audit log attributes them to the human account-holder. Coordinated disclosure.
ai-security anthropic audit-trail claude-opus confused-deputy disclosure fastly llm-security mcp-server mitre-atlas owasp-llm-top-10 prompt-injection cdn-security cwe-269 cwe-441 excessive-agency lethal-trifecta owasp-llm08 claude-code nuclide
Sentinel-driven template extraction for Claude 4.7 — turn the model from a free-form writer into a precise extraction engine. Methodology + live captures + screencasts.
claude claude-code jailbreak nicholas-kloster anthropic llm nuclide prompt-engineering rag templates
Portable Conversation State Embedding — fingerprint how a user and an AI calibrate over time, then inject it at session start to skip the cold-start overhead tax.
anthropic calibration claude conversation-state cosine-similarity embeddings llm nuclide pcse sha256 cold-start deterministic human-ai-interaction python nicholas-kloster
Python
Offline Semantic Exploit Mapping. Single-binary BERT encoder for mapping scans to Metasploit without Python or Torch.
bert candle embeddings llm machine-learning nmap nuclei rust semantic shodan cli metasploit offline security air-gapped pentesting sentence-transformers single-binary nicholas-kloster nuclide
Python Rust
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains the news articles that mention the CVE-2025-4364 vulnerability anywhere in the article.
The following table lists the changes that have been made to the CVE-2025-4364 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
New CVE Received by [email protected]
May. 20, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. |
| Added | CVSS V4.0 | | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Added | CWE | | CWE-497 |
| Added | Reference | | https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11 |