Overview
The vulnerability dubbed CVE-2025-26730 impacts the NotFound Macro Calculator, specifically versions available from the initial release through 1.0. The flaw relates to the exposure of sensitive system information to an unauthorized control sphere. This could potentially lead to system compromise or data leakage, making it a significant concern for users of the affected software.
Vulnerability Summary
CVE ID: CVE-2025-26730
Severity: High (CVSS 7.5)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: System compromise or data leakage
Affected Products
Escape the Surveillance Era
Most apps won’t tell you the truth.
They’re part of the problem.
Phone numbers. Emails. Profiles. Logs.
It’s all fuel for surveillance.
Ameeba Chat gives you a way out.
- • No phone number
- • No email
- • No personal info
- • Anonymous aliases
- • End-to-end encrypted
Chat without a trace.
Product | Affected Versions
NotFound Macro Calculator with Admin Email Optin & Data | n/a through 1.0
How the Exploit Works
CVE-2025-26730 exploits a vulnerability in the NotFound Macro Calculator software which allows unauthorized access to sensitive system information. An attacker could exploit this vulnerability by sending a specially crafted request to the server, causing it to expose sensitive system information. This information could be used for further attacks or even to compromise the entire system.
Conceptual Example Code
Here’s a conceptual example of how the vulnerability might be exploited. This example is a malicious HTTP request:
POST /vulnerable/system-info HTTP/1.1
Host: target.example.com
Content-Type: application/json
{ "exploit_payload": "request_system_info" }In this example, the attacker sends a POST request to the vulnerable /system-info endpoint. The server, upon receiving the request, inadvertently exposes sensitive system information that could be used for further attacks or system compromise.
