FKIE_CVE-2025-4876

Vulnerability from fkie_nvd - Published: 2025-05-19 16:15 - Updated: 2025-10-02 01:42
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
References
7d616e1a-3288-43b1-a0dd-0a65d3e70a49https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.mdThird Party Advisory
Impacted products
Vendor Product Version
connectwise risk_assessment *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:connectwise:risk_assessment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F16CBD69-2DC0-4D6E-8A30-A7A27700F61B",
              "versionEndExcluding": "2023-07-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u00a0used for authenticated network scanning."
    },
    {
      "lang": "es",
      "value": "ConnectWise-Password-Encryption-Utility.exe, en la Evaluaci\u00f3n de Riesgos de ConnectWise, permite a un atacante extraer una clave de descifrado AES codificada mediante ingenier\u00eda inversa. Esta clave se incrusta en texto plano dentro del binario y se utiliza en operaciones criptogr\u00e1ficas sin gesti\u00f3n din\u00e1mica de claves. Una vez obtenida, la clave puede utilizarse para descifrar archivos CSV de entrada utilizados para el escaneo de red autenticado."
    }
  ],
  "id": "CVE-2025-4876",
  "lastModified": "2025-10-02T01:42:14.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-19T16:15:35.107",
  "references": [
    {
      "source": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.md"
    }
  ],
  "sourceIdentifier": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-321"
        }
      ],
      "source": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.