CVE-2025-57430

Published: Sep 22, 2025Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.

Affected (1)

Products: Creacast: Creabox Manager

Creacast

1 product

Creabox Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Creacast Creabox Manager	Version 4.4.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

http://www.creacast.com/

Source: cve@mitre.org

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57430

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57430

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.