CVE-2025-34081

moderate-risk

Published 2025-07-01

The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Conprosys Hmi System

Affected Vendors

Contec

References (2)

Third Party Advisory https://jvn.jp/en/vu/JVNVU92266386/

https://www.vulncheck.com/advisories/conprosys-hmi-system-exposed-php-debug-info

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal