Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 22 Sep 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-22T15:53:43.873Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-57430

No data.

Status : Awaiting Analysis
Published: 2025-09-22T16:15:44.627
Modified: 2025-09-22T21:22:33.590
Link: CVE-2025-57430

No data.

No data.