Search criteria
5 vulnerabilities by Milner
CVE-2025-58744 (GCVE-0-2025-58744)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:38 – Updated: 2026-01-21 16:14
VLAI?
Title
Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture
Summary
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in
Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.
This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
Severity ?
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9.0 , < 7.6.3.25808
(semver)
|
Credits
Asa Reynolds (SRA)
Rick Console (SRA)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:15.461975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:23.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThan": "7.6.3.25808",
"status": "affected",
"version": "7.0.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u0026nbsp;C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\n\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\u003c/p\u003e"
}
],
"value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u00a0C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:38:02.361Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58744",
"datePublished": "2026-01-20T21:38:02.361Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:23.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58743 (GCVE-0-2025-58743)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:37 – Updated: 2026-01-21 16:14
VLAI?
Title
Insecure Encryption Algorithms Enable Brute-Force Database Credential Access in Milner ImageDirector Capture
Summary
Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability
in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
Severity ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9.0 , < 7.6.3.25808
(semver)
|
Credits
Asa Reynolds (SRA)
Rick Console (SRA)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:16.561983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:28.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThan": "7.6.3.25808",
"status": "affected",
"version": "7.0.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability \n\nin the Password class in C2SConnections.dll\u0026nbsp;in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\u003c/p\u003e"
}
],
"value": "Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability \n\nin the Password class in C2SConnections.dll\u00a0in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-20",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-20 Encryption Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:37:25.868Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Encryption Algorithms Enable Brute-Force Database Credential Access in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58743",
"datePublished": "2026-01-20T21:37:25.868Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:28.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58742 (GCVE-0-2025-58742)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:36 – Updated: 2026-01-21 16:14
VLAI?
Title
Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture
Summary
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9 , < 7.6.3.25808
(semver)
|
Credits
Asa Reynolds (SRA)
Rick Console (SRA)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:17.672533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:33.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThan": "7.6.3.25808",
"status": "affected",
"version": "7.0.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:36:54.171Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58742",
"datePublished": "2026-01-20T21:36:54.171Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:33.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58741 (GCVE-0-2025-58741)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:36 – Updated: 2026-01-21 16:14
VLAI?
Title
Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture
Summary
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9 , ≤ 7.6.3.25808
(semver)
|
Credits
Asa Reynolds (SRA)
Rick Console (SRA)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:18.993620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:37.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThanOrEqual": "7.6.3.25808",
"status": "affected",
"version": "7.0.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:36:26.897Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58741",
"datePublished": "2026-01-20T21:36:26.897Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:37.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58740 (GCVE-0-2025-58740)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:36 – Updated: 2026-01-21 16:14
VLAI?
Title
Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture
Summary
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable.
This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
Severity ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9 , < 7.6.3.25808
(semver)
|
Credits
Asa Reynolds (SRA)
Rick Console (SRA)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:20.076783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:42.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThan": "7.6.3.25808",
"status": "affected",
"version": "7.0.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable.\n\nThis issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:36:00.681Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58740",
"datePublished": "2026-01-20T21:36:00.681Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:42.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}