Search criteria
2 vulnerabilities found for Risk Assessment by ConnectWise
CVE-2025-4876 (GCVE-0-2025-4876)
Vulnerability from cvelistv5 – Published: 2025-05-19 16:04 – Updated: 2025-09-03 16:33
VLAI?
Summary
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
Severity ?
6 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ConnectWise | Risk Assessment |
Affected:
All versions prior to deprecation (July 2023)
|
Credits
Joey Melo (jmelo@packetlabs.net)
Ian Lin (ilin@packetlabs.net)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:48:28.836537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:49:27.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"connectwise-password-encryption-utlity.exe"
],
"product": "Risk Assessment",
"vendor": "ConnectWise",
"versions": [
{
"status": "affected",
"version": "All versions prior to deprecation (July 2023)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joey Melo (jmelo@packetlabs.net)"
},
{
"lang": "en",
"type": "finder",
"value": "Ian Lin (ilin@packetlabs.net)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eused for authenticated network scanning.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u00a0used for authenticated network scanning."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T16:33:11.971Z",
"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"shortName": "ConnectWise"
},
"references": [
{
"url": "https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."
}
],
"value": "ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Key Revealed in ConnectWise Password Encryption Utility",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"assignerShortName": "ConnectWise",
"cveId": "CVE-2025-4876",
"datePublished": "2025-05-19T16:04:34.031Z",
"dateReserved": "2025-05-16T20:18:46.987Z",
"dateUpdated": "2025-09-03T16:33:11.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4876 (GCVE-0-2025-4876)
Vulnerability from nvd – Published: 2025-05-19 16:04 – Updated: 2025-09-03 16:33
VLAI?
Summary
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
Severity ?
6 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ConnectWise | Risk Assessment |
Affected:
All versions prior to deprecation (July 2023)
|
Credits
Joey Melo (jmelo@packetlabs.net)
Ian Lin (ilin@packetlabs.net)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:48:28.836537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:49:27.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"connectwise-password-encryption-utlity.exe"
],
"product": "Risk Assessment",
"vendor": "ConnectWise",
"versions": [
{
"status": "affected",
"version": "All versions prior to deprecation (July 2023)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joey Melo (jmelo@packetlabs.net)"
},
{
"lang": "en",
"type": "finder",
"value": "Ian Lin (ilin@packetlabs.net)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eused for authenticated network scanning.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u00a0used for authenticated network scanning."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T16:33:11.971Z",
"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"shortName": "ConnectWise"
},
"references": [
{
"url": "https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."
}
],
"value": "ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Key Revealed in ConnectWise Password Encryption Utility",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"assignerShortName": "ConnectWise",
"cveId": "CVE-2025-4876",
"datePublished": "2025-05-19T16:04:34.031Z",
"dateReserved": "2025-05-16T20:18:46.987Z",
"dateUpdated": "2025-09-03T16:33:11.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}