Common Weakness Enumeration

CWE-1295

Allowed

Debug Messages Revealing Unnecessary Information

Abstraction: Base · Status: Incomplete

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

41 vulnerabilities reference this CWE, most recent first.

GHSA-X5GG-4843-J4XJ

Vulnerability from github – Published: 2025-04-23 12:31 – Updated: 2025-04-23 12:31
VLAI
Details

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-42604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-23T11:15:47Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related information.",
  "id": "GHSA-x5gg-4843-j4xj",
  "modified": "2025-04-23T12:31:25Z",
  "published": "2025-04-23T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42604"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response.

CAPEC-121: Exploit Non-Production Interfaces

An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.