Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System

Title

Unauthenticated Local File Disclosure

Product

MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System

Vulnerable Version

10.14.STD, MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8 Maintenance versions until week 35/2025

Fixed Version

Maintenance Pack 36 for MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8, week 36/2025

CVE Number

CVE-2025-12055

Impact

high

Homepage

https://www.mpdv.com/

Found

23.06.2025

By

Lukas Donaubauer | SEC Consult Vulnerability Lab

Management Summary

The Manufacturing Execution System HYDRA X, MIP 2 as well as FEDRA 2 developed by MPDV Mikrolab was found to be vulnerable to a local file disclosure vulnerability. An unauthenticated attacker was able to read all the local files of the underlying operating system in the context of the current hard drive where the software was installed.

Vendor description

"You monitor, control and optimize your production continuously with HYDRA X. You can therefore keep an eye on all resources at all times and design your production processes to be as efficient as possible. Digitization in production is unstoppable! Companies who want to produce efficiently need HYDRA X."

Source: https://www.mpdv.com/en/products/mes-hydra-x 

Business recommendation

The vendor provides a patch in their support portal which should be installed immediately.

SEC Consult highly recommends performing a thorough security review of the product conducted by security professionals to identify and resolve potential further security issues.

Vulnerability overview/description

1) Unauthenticated Local File Disclosure (CVE-2025-12055)

HYDRA X, MIP2 and FEDRA 2 suffer from an unauthenticated local file disclosure vulnerability which allows an attacker to read arbitrary files from the Windows operating system (HYDRA X is designed to work on Windows). The “Filename” parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.

Proof of concept

1) Unauthenticated Local File Disclosure (CVE-2025-12055)

The following proof of concept shows the HTTP request that was used to read local files of the server's operating system. The vulnerability can be triggered as soon as a vulnerable version of the software is in use. Authorization and authentication are not needed.

HTTP Request:
GET /hx/resources/public/$SCHEMAS$?Filename=c%3a%5cwindows%5cwin.ini HTTP/1.1

Vulnerable / tested versions

The following versions have been tested and found to be vulnerable:

  • 10.14.STD
  • According to the vendor MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8, up until the maintenance pack of week 35/2025 are vulnerable

Vendor contact timeline

2025-08-06 Contacting vendor via email.
2025-08-08 Answer by vendor.
2025-08-27 Contact from vendor after initial delays.
2025-08-27 Sending of advisory.
2025-09-11 Information from the vendor about patch.
2025-10-13 Contacting the vendor via mail with question about advisory publication.
2025-10-21 Answer by the vendor that advisory can be published.
2025-10-27 Public disclosure of advisory.

Solution

The vulnerability is fixed in the following version:

  • Maintenance Pack of week 36/2025 for MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8

Customers can download the patch at the vendor's support portal.

Workaround

None

Advisory URL

https://sec-consult.com/vulnerability-lab/ 

 

EOF Lukas Donaubauer / @2025

 

Interested to work with the experts of SEC Consult? Send us your application.
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices.

Back