CVE-2025-63958

9.8 CRITICAL

📋 TL;DR

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes an unauthenticated configuration endpoint that leaks sensitive information including database credentials, file share paths, and license server details. This allows attackers to potentially compromise the entire system by accessing these credentials. All users running the vulnerable version are affected.

💻 Affected Systems

Products:
  • MILLENSYS Vision Tools Workspace
Versions: 6.5.0.2585
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable endpoint is exposed by default without any access controls

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through credential theft leading to database access, file system infiltration, and lateral movement within the network

🟠 Likely Case: Database compromise, sensitive data exfiltration, and potential ransomware deployment through stolen credentials

🟢 If Mitigated: Limited information disclosure without authentication bypass, but still exposes system architecture details

🌐 Internet-Facing: HIGH - Directly accessible without authentication, exposing credentials to any internet user
🏢 Internal Only: HIGH - Even internal attackers or compromised devices can easily access sensitive credentials

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a web browser or a single curl request to the endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.millensys.com/

Restart Required: No

Instructions:

Check vendor website for security updates. No official patch available at time of analysis.

🔧 Temporary Workarounds

Network Access Control

Platform: all

Restrict access to the MILLENSYS application using firewall rules. The rules below block all inbound HTTP/HTTPS to the host; in practice, scope them to the MILLENSYS server and add allow rules for trusted source addresses that still need the application.

# Windows (block inbound TCP 80 and 443 from any source):
netsh advfirewall firewall add rule name="Block MILLENSYS" dir=in action=block protocol=TCP localport=80,443 remoteip=any

# Linux (iptables needs the multiport match for a comma-separated port list):
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP

Web Server Configuration

Platform: all

Add an authentication requirement to the /MILLENSYS/settings endpoint. Create the referenced htpasswd file first, and keep the application's existing proxy or document-root directives inside the new block, since Nginx does not inherit proxy_pass from an enclosing location.

# Apache (AuthUserFile is required for Basic auth; the path is an example):
<Location "/MILLENSYS/settings">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Location>

# Nginx:
location /MILLENSYS/settings {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
    # keep the application's proxy_pass or root directive here
}

🧯 If You Can't Patch

  • Immediately isolate the MILLENSYS server from internet access and restrict internal network access
  • Change all database credentials, file share passwords, and license server credentials exposed by the vulnerability

🔍 How to Verify

Check if Vulnerable:

Access http://[server-ip]/MILLENSYS/settings in a browser or with curl. If it returns configuration data without authentication, the system is vulnerable.

Check Version:

Check application version in software interface or installation directory

Verify Fix Applied:

Attempt to access the endpoint after applying controls. Should return 401/403 error or require authentication.

📡 Detection & Monitoring

Log Indicators:

  • Multiple GET requests to /MILLENSYS/settings from unauthenticated users
  • Database connection attempts from unexpected IP addresses

Network Indicators:

  • Unusual outbound connections from MILLENSYS server to database or file share systems
  • Traffic to /MILLENSYS/settings endpoint without prior authentication

SIEM Query:

source="web_logs" AND url="/MILLENSYS/settings" AND (user="-" OR auth_status="failed")
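As an added illustration of the log indicators and SIEM query above (this script is not part of the original advisory), the following Python code parses access-log lines in Combined Log Format and flags successful GETs to /MILLENSYS/settings with no authenticated user, then counts them per source IP. The log format and the sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter

# Combined Log Format (Apache/Nginx default). The regex is an assumption about
# the deployment's access-log format; adjust it if your server logs differently.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)
SENSITIVE_PATH = "/MILLENSYS/settings"

def parse_line(line):
    """Return the fields of one Combined Log Format line, or None if unparsable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_unauthenticated_settings_read(entry):
    """A 2xx answer to the settings endpoint with no authenticated user means
    the configuration was served without any access control."""
    path = entry["path"].split("?", 1)[0].rstrip("/")
    return (entry["method"] == "GET"
            and path.lower() == SENSITIVE_PATH.lower()
            and entry["user"] == "-"
            and entry["status"].startswith("2"))

def scan(lines):
    """Return the parsed entries that match the unauthenticated-read condition."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_unauthenticated_settings_read(entry):
            hits.append(entry)
    return hits

def hits_by_ip(hits):
    """Count flagged reads per source address for triage."""
    return Counter(h["ip"] for h in hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2025:10:01:02 +0000] "GET /MILLENSYS/settings HTTP/1.1" 200 4821
203.0.113.7 - - [12/Nov/2025:10:01:05 +0000] "GET /MILLENSYS/settings?format=xml HTTP/1.1" 200 4821
198.51.100.4 - alice [12/Nov/2025:10:02:00 +0000] "GET /MILLENSYS/settings HTTP/1.1" 200 4821
192.0.2.9 - - [12/Nov/2025:10:03:10 +0000] "GET /MILLENSYS/settings HTTP/1.1" 401 0
192.0.2.9 - - [12/Nov/2025:10:03:11 +0000] "GET /MILLENSYS/login HTTP/1.1" 200 310
""".splitlines()

if __name__ == "__main__":
    for ip, n in hits_by_ip(scan(SAMPLE_LOG)).items():
        print(f"{ip}: {n} unauthenticated settings read(s)")
```

Only the two 200 responses to the unauthenticated client are flagged; the authenticated read and the 401 after controls are applied are not.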
