CVE-2025-9982

EPSS 0.06%
Veröffentlicht 14.11.2025 13:22:16
Zuletzt bearbeitet 17.11.2025 19:28:12
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensolution ≫ Quick.Cms Version6.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvd@cert.pl	6.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-256 Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

https://opensolution.org/cms-system-quick-cms.html

Product

https://cert.pl/posts/2025/11/CVE-2025-9982

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-9982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9982

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9982