Tibbo AggreGate NN <6.40.05 Info Disclosure via /cwmp/happyaxis.jsp
CVE-2025-34156 Published on October 23, 2025
Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure
Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could aid further compromise.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2025-34156
Want to know whenever a new CVE is published for Tibbosystems Aggregate Network Manager? stack.watch will email you.
Affected Versions
Tibbo Systems AggreGate Network Manager:- Before 6.40.05 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.