CVE-2025-15554

EPSS 0.02%
Veröffentlicht 16.03.2026 10:46:09
Zuletzt bearbeitet 07.04.2026 00:50:55
Quelle db4dfee8-a97e-4877-bfae-eba6d1
CVE-Watchlists
Login
Unerledigt
Login

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Truesec ≫ Lapswebui Version < 2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.028

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
db4dfee8-a97e-4877-bfae-eba6d14a2166	6	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-525 Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

https://labs.reversec.com/advisories/2026/03/admin-passwords-cached-by-browsers-in-truesec-lapswebui

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15554

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15554

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15554

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15554