6
CVE-2025-66910
- EPSS 0.19%
- Veröffentlicht 19.12.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 19:50:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTurms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.092 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://github.com/turms-im/turms
https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/bo/AdminInfo.java#L34
https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/service/BaseAdminService.java#L237
https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66910_report.md