Description
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
Published: 2026-03-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in Census CSWeb 8.0.1 permits an unauthenticated attacker to access the "app/config" path via HTTP, exposing configuration files that may contain confidential secrets. This is a classic information disclosure flaw, classified as CWE-200, which can be exploited by reaching the vulnerable endpoint without any authentication. The attacker can retrieve files that may reveal credentials, API keys, or other sensitive data, potentially compromising the entire application and surrounding infrastructure.

Affected Systems

The affected system is Census CSWeb version 8.0.1. No other versions or vendors are reported as impacted. The vulnerability exists when the deployment exposes the "app/config" directory through an HTTP request path.

Risk and Exploitability

The scoring indicates a CVSS base of 9.3, denoting a critical severity. However, the EPSS score is below 1%, suggesting that automated exploitation is unlikely to be widespread. The vulnerability is not currently listed in the CISA KEV catalog, further indicating limited known exploitation. Attackers would need to send HTTP requests to the specific path, which is possible if the web server is not restricted, and no elevated privileges are required. The risk to confidentiality is high; the impact on integrity and availability is not directly addressed, but compromised secrets could enable further attacks.

Generated by OpenCVE AI on March 25, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Census CSWeb to version 8.1.0 alpha or later.
  • Ensure that the "app/config" directory is not exposed to external HTTP requests; configure the web server to deny public access to this path.
  • Verify that all web application configurations enforce proper access controls and validate that the fix has been applied with a penetration test or audit of the exposed endpoints.

Generated by OpenCVE AI on March 25, 2026 at 22:53 UTC.
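As an added verification check that is not part of the OpenCVE record or of the CSWeb project, the following POSIX shell script probes whether a deployment still serves its "app/config" path over HTTP, so the second and third recommended actions can be confirmed after the web server change. The base URL, the optional file name and the verdict labels are assumptions supplied by the operator; only the path itself comes from the CVE description.

```shell
#!/bin/sh
# Added check (not from the OpenCVE record or the CSWeb project): probe whether
# a CSWeb deployment still serves its app/config path over HTTP.
# Base URL and optional file name are operator-supplied assumptions; only the
# path "app/config" comes from the CVE description.
set -eu

CONFIG_PATH="app/config"

# Map an HTTP status code to a verdict. Any 2xx means the web server handed
# the path out; 401/403/404 mean it refused; 000 is curl's "no connection".
assess_status() {
  case "$1" in
    2[0-9][0-9]) echo "EXPOSED" ;;
    401|403|404) echo "BLOCKED" ;;
    3[0-9][0-9]) echo "REDIRECTED" ;;
    000)         echo "UNREACHABLE" ;;
    *)           echo "UNEXPECTED" ;;
  esac
}

# Request one URL, log the result on stderr and print the verdict on stdout.
probe() {
  status=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1") || status=000
  verdict=$(assess_status "$status")
  printf '%s %s -> HTTP %s: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$status" "$verdict" >&2
  echo "$verdict"
}

# Check the directory itself and, if given, one file the operator knows lives
# in it. A 403 on the directory index alone only shows that listing is off;
# it does not prove that files inside are unreachable, so pass a real file
# name from your own deployment to test that case too.
check_csweb_config() {
  base="${1%/}"
  file="${2:-}"
  result=$(probe "$base/$CONFIG_PATH/")
  if [ -n "$file" ]; then
    file_result=$(probe "$base/$CONFIG_PATH/$file")
    [ "$file_result" = "EXPOSED" ] && result="EXPOSED"
  fi
  # Non-zero exit when anything under app/config was served, for use in CI.
  [ "$result" != "EXPOSED" ]
}

# Usage: sh check_csweb_config.sh https://csweb.example.org/csweb [file-in-app-config]
if [ "$#" -ge 1 ]; then
  check_csweb_config "$@"
fi
```

Run it against each CSWeb host before and after applying the web server restriction; a "BLOCKED" verdict for both the directory and a known file is the expected post-fix result.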

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 21:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Csprousers
                                      Csprousers csweb
CPEs                                  cpe:2.3:a:csprousers:csweb:8.0.1:*:*:*:*:*:*:*
Vendors & Products                    Csprousers
                                      Csprousers csweb

Wed, 25 Mar 2026 15:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Census
                                      Census csweb
Vendors & Products                    Census
                                      Census csweb

Tue, 24 Mar 2026 02:30:00 +0000

Type                 Values Removed   Values Added
Description                           Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
Title                                 Census CSWeb leaked configuration files
Weaknesses                            CWE-200
References
Metrics                               cvssV3_1
                                      {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
                                      cvssV4_0
                                      {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2026-03-25T14:50:13.877Z

Reserved: 2025-09-26T05:34:11.056Z

Link: CVE-2025-60949

Vulnrichment

Updated: 2026-03-25T14:50:06.595Z

NVD

Status: Analyzed

Published: 2026-03-23T22:16:23.130

Modified: 2026-03-25T21:06:59.330

Link: CVE-2025-60949

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:20:31Z

Weaknesses