{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2025-60949/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2025-60949","information-disclosure","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCensus CSWeb version 8.0.1 is susceptible to a critical vulnerability (CVE-2025-60949) that allows unauthenticated remote attackers to access sensitive configuration files. This exposure occurs because the \u003ccode\u003e/app/config\u003c/code\u003e directory is reachable via HTTP in certain deployments. By sending a specially crafted request to this path, an attacker can potentially obtain sensitive information, such as API keys, database credentials, and other secrets stored within the configuration files. This vulnerability was publicly disclosed on March 23, 2026, and a fix is available in version 8.1.0 alpha. Exploitation of this vulnerability can lead to significant data breaches and compromise of the affected system. Defenders should prioritize identifying and patching vulnerable instances.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a target running Census CSWeb 8.0.1.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP GET request to the \u003ccode\u003e/app/config\u003c/code\u003e directory or to specific files within it.\u003c/li\u003e\n\u003cli\u003eThe vulnerable server processes the request without proper authentication or access controls.\u003c/li\u003e\n\u003cli\u003eThe server responds with the contents of the configuration files, potentially containing sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the configuration files to extract sensitive data, such as API keys, database credentials, or internal IP addresses.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted credentials to gain unauthorized access to databases, APIs, or other systems.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges within the compromised systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-60949 can lead to the exposure of sensitive information, including API keys, database credentials, and other secrets. This can allow attackers to gain unauthorized access to critical systems, leading to data breaches, financial loss, and reputational damage. The vulnerability affects all deployments of Census CSWeb 8.0.1 where the \u003ccode\u003e/app/config\u003c/code\u003e directory is exposed via HTTP.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Census CSWeb version 8.1.0 alpha or later to patch CVE-2025-60949.\u003c/li\u003e\n\u003cli\u003eImplement access controls to restrict access to the \u003ccode\u003e/app/config\u003c/code\u003e directory to authorized personnel only.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Unauthenticated Access to Configuration Files\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/app/config\u003c/code\u003e to detect unauthorized access attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T14:00:00Z","date_published":"2026-03-24T14:00:00Z","id":"/briefs/2026-03-census-csweb-config-disclosure/","summary":"Census CSWeb 8.0.1 is vulnerable to unauthenticated remote configuration file disclosure via HTTP requests to the `/app/config` path, potentially exposing sensitive secrets; fixed in 8.1.0 alpha.","title":"Census CSWeb 8.0.1 Configuration File Disclosure Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-census-csweb-config-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2025-60949","version":"https://jsonfeed.org/version/1.1"}