A critical Missing Authorization vulnerability, identified as CVE-2025-62944, has been discovered in the MSTW CSV EXPORTER plugin. This flaw allows an attacker with low or no privileges to perform actions reserved for administrators, potentially leading to unauthorized data exfiltration, system modification, or a complete compromise of the affected application. Due to its critical severity rating of 9.8, immediate remediation is strongly recommended.

The vulnerability exists because the MSTW CSV EXPORTER plugin fails to properly verify if a user has the required permissions before executing sensitive functions. An unauthenticated or low-privileged attacker can craft a direct request to a specific administrative endpoint responsible for data export. By bypassing the authorization check, the attacker can trigger the data export functionality and exfiltrate sensitive information that the application processes.

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation could lead to a significant data breach, as the attacker could export confidential or proprietary data stored within the application. This could result in severe financial losses, regulatory penalties (e.g., under GDPR or CCPA), reputational damage, and a loss of customer trust. Depending on the data being exported, the compromise could also expose sensitive user information, intellectual property, or internal system configurations.

Immediate Action: The primary remediation is to update the MSTW CSV EXPORTER plugin to the latest version as recommended by the vendor. After patching, administrators should review access logs for any anomalous activity targeting the plugin's functionality to identify potential past exploitation attempts.

Proactive Monitoring: Implement continuous monitoring of web server and application logs for unusual or direct requests to the plugin's export functions, especially from unauthenticated users or unexpected IP addresses. Monitor network traffic for large, unexpected outbound data transfers that could indicate data exfiltration. Set up alerts for repeated access attempts to administrative endpoints.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to block unauthorized access to the vulnerable export endpoints. Restrict network access to the application server, allowing connections only from trusted internal IP addresses. Enforce stricter default-deny policies at the network edge to limit the attack surface.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability requires immediate attention and patching. Organizations must prioritize the deployment of the vendor-supplied update to all affected systems to prevent potential data breaches. Although this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it a prime candidate for future inclusion. All remediation and monitoring actions should be treated with the highest urgency.