
CLUE Discovers: Critical CVE Identified

12 June 2025


A few weeks ago, a customer approached us with the request to secure a business-critical application with our Managed Application Protection Service. CLUE pursues a multi-level, risk-based approach that differs significantly from the industry standard: Before an application is integrated into our security infrastructure, we carry out a comprehensive attack surface analysis. This initial assessment enables us to define protection mechanisms that are precisely tailored to the target architecture – instead of being based on generic rule sets, as used in many standard market solutions.

As part of the preliminary analysis, our security specialist Manuel Walder identified a serious vulnerability in the application’s data flow. CVE‑2025‑2407 (CVSS 9.3) affects the Mobatime AMX MTAPI version 6, which is operated on IIS. Because the Web API lacks authentication and authorization controls, an attacker can gain unrestricted access to all API functions.

What is particularly critical is that conventional security solutions cannot detect or eliminate the vulnerability. The cause lies in the business logic of the application – an area that conventional protection mechanisms often do not cover.

After identifying the vulnerability, CLUE worked closely with the affected customer, the software manufacturer and the National Cyber Security Center (NCSC). The vulnerability was carefully validated and communicated in a coordinated disclosure process. This intensive collaboration resulted in the official allocation of the identifier CVE-2025-2407 and ensured that both technical and regulatory requirements were met – to protect all affected users. The entire process clearly shows that effective protection requires, above all, a deep understanding of the real risks.

Conclusion: Protection Begins with Awareness

This incident illustrates how deceptive trust in security solutions can be when they are implemented without contextual knowledge. CLUE therefore consistently relies on a combined approach:

  • Attack Surface Analysis – precautionary, targeted, well-founded
  • Technical Vulnerability Analysis – with clear identification of risks as in CVE‑2025‑2407
  • CVD Coordination – transparent and responsible disclosure, including involvement of government agencies
  • Tailored Policies – based on the specific architecture of the application

This is the only way to create a realistic risk profile and derive an effective security concept. Especially in times of highly automated attack scenarios, increasingly driven by artificial intelligence, this comprehensive approach is the key to sustainable cybersecurity. CLUE combines in-depth technical understanding with strategic foresight—for effective protection even in highly networked, dynamic IT environments.

The complete technical description of the vulnerability CVE-2025-2407 is available via the official CVE database.

What risks lurk in your business logic? Let us review your applications together—before an attacker does. Arrange a preliminary consultation now!


