{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.7.8.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "42291e597f2e55797343d56522c1223607b731b3" } ], "repo": "https://github.com/scada-lts/scada-lts", "type": "GIT" } ] } ], "details": "A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: \"[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower.\"", "id": "CVE-2025-9139", "modified": "2026-04-01T23:10:17.023889256Z", "published": "2025-08-19T13:15:42.400Z", "references": [ { "type": "WEB", "url": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/%20CVE-2025-9139.md" }, { "type": "WEB", "url": "https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Sensitive%20User%20Information%20Disclosure%20via%20WatchListDwr.init.dwr%20Endpoint.md#proof-of-concept-poc" }, { "type": "ADVISORY", "url": "https://vuldb.com/?id.320519" }, { "type": "ADVISORY", "url": "https://vuldb.com/?submit.621062" }, { "type": "REPORT", "url": "https://vuldb.com/?ctiid.320519" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }