CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4364: Exposure of Sensitive System Information to an Unauthorized Control Sphere

8.7 CVSS

Description

The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.

Classification

CVE ID: CVE-2025-4364

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected Products

Vendor: Assured Telematics Inc.

Product: Fleet Management System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 26.97% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4364
https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11

Timeline

2025-05-20 16:15:23 UTC
All CISA Advisories

Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration
2025-05-20 18:40:18 UTC
CVE

Exposure of Sensitive System Information to an Unauthorized Control Sphere