Impact
This vulnerability arises from insecure permissions set on the MSI NBFoundation Service named pipe, MSI_SERVICE_2. A remote attacker can open a connection to the pipe and read data that the service exposes without any authentication, leading to a loss of confidentiality of the information the service handles. The flaw is a classic example of a permission‑related data exposure, categorized as CWE‑200.
Affected Systems
The MSI NBFoundation Service version 2.0.2506.1201, distributed by MSI, is affected. No other vendor or product versions are identified in the CNA data.
Risk and Exploitability
The CVSS score is 7.5 and the EPSS score is less than 1 %, indicating that exploitation is possible but unlikely to be widely seen. The vulnerability is not listed in the CISA KEV catalog, meaning there are no confirmed large‑scale attacks at this time. Exploitation requires a remote actor to connect to the MSI_SERVICE_2 named pipe, which can be accessed without authentication because of the insecure permissions. The primary risk is a confidentiality compromise; there is no evidence that the flaw would affect integrity or availability.
OpenCVE Enrichment