What is the severity of CVE-2025-70841?

CVE-2025-70841 has a CVSS v3 score of 10, which is classified as Critical severity.

Is there an exploit available for CVE-2025-70841?

No known public exploits are currently available for CVE-2025-70841.

Is there a patch available for CVE-2025-70841?

No official patches have been released yet for CVE-2025-70841. Consider implementing workarounds or mitigations.

CVE-2025-70841 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v310.0

CVSS v20.0

Priority Score599.0

EPSS Score0.0

Critical

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

10.0

CVSS

No

Exploit

No

Patch

High Priority

no patch • critical severity

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, enabling complete system compromise including authentication bypass via session token forgery, direct database access to all tenant data, and email infrastructure takeover. Due to the multi-tenancy architecture, this vulnerability affects all tenants in the system.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Changed

Confidentiality:High

Integrity:High

Availability:Network