CVE-2025-4876

EPSS 0.02%
Veröffentlicht 19.05.2025 16:04:34
Zuletzt bearbeitet 02.10.2025 01:42:14
Quelle 7d616e1a-3288-43b1-a0dd-0a65d3
CVE-Watchlists
Login
Unerledigt
Login

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Connectwise ≫ Risk Assessment Version < 2023-07-01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7d616e1a-3288-43b1-a0dd-0a65d3e70a49	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-4876

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4876

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4876

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-4876