Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2025-69133 is a Local File Inclusion (LFI) vulnerability affecting Tourmaster versions 5.4.5 and earlier, specifically in the subscriber functionality. This vulnerability allows attackers to read arbitrary files from the affected server by manipulating input parameters, potentially exposing sensitive configuration files, source code, or credentials. The CVSS score of 7.5 (high) reflects the significant risk this poses to confidentiality and system integrity. Organizations running vulnerable Tourmaster instances—particularly travel and tour management platforms relying on this software—face immediate risk of data exposure and reconnaissance attacks that could lead to further compromise.
While this CVE does not map directly to specific MITRE ATT&CK techniques, Casky's security skills powered by Claude AI with extended reasoning can detect the attack patterns underlying LFI exploitation. Practitioners using Casky would identify suspicious patterns associated with CWE-98 violations: repeated requests with directory traversal sequences (../, ..\, encoded variants), attempts to access sensitive files (/etc/passwd, /etc/shadow, web.config, database connection strings), and parameter manipulation in subscriber-related endpoints. The platform's 754 mapped security skills enable detection of Reconnaissance (T1592, T1592.004 - information gathering through application probing), Credential Access (T1555, T1110 - configuration file exploitation), and Persistence patterns. Security teams would see findings flagging abnormal file access requests, path traversal indicators, and deviations from normal subscriber module behavior in their Casky dashboard, enabling rapid identification and remediation before data exfiltration occurs.
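The request-level indicators listed above (traversal sequences including encoded variants, and sensitive file targets) can be checked against web access logs. The following is an added example, not Casky's or Tourmaster's code; the endpoint path, the `tpl` parameter and the log lines are constructed placeholders, and only query strings are inspected.

```python
import re
from urllib.parse import urlsplit, unquote

# Indicators named in the text above: traversal sequences and sensitive file targets.
TRAVERSAL = re.compile(r"\.\.[/\\]")
SENSITIVE = ("/etc/passwd", "/etc/shadow", "web.config")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return the indicators found in the query string of one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = fully_decode(urlsplit(m.group(1)).query)
    # Treat backslashes as path separators so ..\ and ../ targets compare equal.
    normalised = query.replace("\\", "/").lower()
    hits = []
    if TRAVERSAL.search(query):
        hits.append("traversal")
    hits += [f"sensitive:{s}" for s in SENSITIVE if s in normalised]
    return hits

# Constructed sample lines (not real traffic); endpoint and parameter are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /example-endpoint?page=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:01 +0000] "GET /example-endpoint?tpl=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2026:10:00:02 +0000] "GET /example-endpoint?tpl=%2e%2e%2f%2e%2e%2fweb.config HTTP/1.1" 200 77',
    '203.0.113.9 - - [01/Jan/2026:10:00:03 +0000] "GET /example-endpoint?tpl=%252e%252e%255c%252e%252e%255cetc%255cshadow HTTP/1.1" 404 0',
]

def scan(lines):
    """Map line index -> indicators, for lines with at least one hit."""
    return {i: hits for i, line in enumerate(lines) if (hits := classify(line))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

Decoding before matching is what catches the single- and double-encoded variants; a 200 response with an unusual body size on a flagged line is worth prioritising during triage.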
© 2026 Casky.AI, Inc. · AI Security Investigation