twonav 2.1.18-202 Site Settings information disclosure

Summaryinfo

A vulnerability was found in twonav 2.1.18-202 and classified as problematic. Impacted is an unknown function of the component Site Settings Handler. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2025-29450. The attack can be executed remotely. There is not any exploit available.

Detailsinfo

A vulnerability classified as problematic was found in twonav 2.1.18-202. This vulnerability affects an unknown code of the component Site Settings Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.

The advisory is shared for download at yuque.com. This vulnerability was named CVE-2025-29450 since 03/11/2025. The exploitation appears to be easy. The attack can be initiated remotely. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-12351). Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• twonav

Version

• 2.1.18-202

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion