Common Weakness Enumeration

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVE-2025-64648 (GCVE-0-2025-64648)

Vulnerability from cvelistv5 – Published: 2026-03-25 20:38 – Updated: 2026-03-26 15:24
VLAI
Title
Multiple Vulnerabilities in IBM Concert Software
Summary
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7267105 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Concert Affected: 1.0.0 , ≤ 2.2.0 (semver)
    cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:concert:2.2.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64648",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T15:24:36.916422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T15:24:44.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:concert:2.2.0:*:*:*:*:*:*:*"
          ],
          "product": "Concert",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.2.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
            }
          ],
          "value": "IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T20:38:37.859Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7267105"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\u003c/p\u003e\u003cp\u003eDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry (\u003ca href=\"https://myibm.ibm.com/products-services/containerlibrary\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003eICR\u003c/a\u003e) and follow\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/concert?topic=installing-preparing-run-installs-from-private-container-registry\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003einstallation instructions\u003c/a\u003e\u0026nbsp;depending on the type of deployment.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\n\nDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow\u00a0 installation instructions https://www.ibm.com/docs/en/concert \u00a0depending on the type of deployment."
        }
      ],
      "title": "Multiple Vulnerabilities in IBM Concert Software",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-64648",
    "datePublished": "2026-03-25T20:38:37.859Z",
    "dateReserved": "2025-11-06T18:13:00.559Z",
    "dateUpdated": "2026-03-26T15:24:44.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64769 (GCVE-0-2025-64769)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:16 – Updated: 2026-01-16 14:52
VLAI
Title
AVEVA Process Optimization Cleartext Transmission of Sensitive Information
Summary
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
AVEVA Process Optimization Affected: 0 , ≤ 2024.1 (custom)
Create a notification for this product.
Credits
Christopher Wu of Veracode reported these vulnerabilities to AVEVA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T14:52:23.223478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T14:52:30.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Process Optimization application suite leverages connection \nchannels/protocols that by-default are not encrypted and could become \nsubject to hijacking or data leakage in certain man-in-the-middle or \npassive inspection scenarios."
            }
          ],
          "value": "The Process Optimization application suite leverages connection \nchannels/protocols that by-default are not encrypted and could become \nsubject to hijacking or data leakage in certain man-in-the-middle or \npassive inspection scenarios."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:16:48.949Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Cleartext Transmission of Sensitive Information",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-64769",
    "datePublished": "2026-01-16T00:16:48.949Z",
    "dateReserved": "2025-11-24T18:22:00.813Z",
    "dateUpdated": "2026-01-16T14:52:30.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66573 (GCVE-0-2025-66573)

Vulnerability from cvelistv5 – Published: 2025-12-04 20:45 – Updated: 2026-05-28 14:49
VLAI
Title
Solstice Pod API Session Key Extraction via API Endpoint
Summary
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
mersive Solstice Pod API Affected: 5.5
Affected: 6.2
Create a notification for this product.
Date Public
2025-03-29 00:00
Credits
The Baldwin School Ethical Hackers, The Baldwin School
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66573",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-05T17:52:11.355912Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-05T17:52:32.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/52104"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Solstice Pod API",
          "vendor": "mersive",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "status": "affected",
              "version": "6.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The Baldwin School Ethical Hackers, The Baldwin School"
        }
      ],
      "datePublic": "2025-03-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSolstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.\u003c/p\u003e"
            }
          ],
          "value": "Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T14:49:28.470Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-52104",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/52104"
        },
        {
          "name": "Mersive Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.mersive.com/"
        },
        {
          "name": "Solstice Documentation",
          "tags": [
            "product"
          ],
          "url": "https://documentation.mersive.com/en/solstice/about-solstice.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Solstice Pod API Session Key Extraction via API Endpoint",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-66573",
    "datePublished": "2025-12-04T20:45:13.939Z",
    "dateReserved": "2025-12-04T16:22:24.337Z",
    "dateUpdated": "2026-05-28T14:49:28.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66604 (GCVE-0-2025-66604)

Vulnerability from cvelistv5 – Published: 2026-02-09 03:14 – Updated: 2026-02-09 19:06
VLAI
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
Create a notification for this product.
Date Public
2026-02-09 03:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66604",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T19:02:40.022823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T19:06:28.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "FAST/TOOLS",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "lessThanOrEqual": "R10.04",
              "status": "affected",
              "version": "R9.01",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-02-09T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe library version\ncould be displayed on the web page. This information could be exploited by an\nattacker for other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe library version\ncould be displayed on the web page. This information could be exploited by an\nattacker for other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T03:14:10.253Z",
        "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "shortName": "YokogawaGroup"
      },
      "references": [
        {
          "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
    "assignerShortName": "YokogawaGroup",
    "cveId": "CVE-2025-66604",
    "datePublished": "2026-02-09T03:14:10.253Z",
    "dateReserved": "2025-12-05T05:04:40.512Z",
    "dateUpdated": "2026-02-09T19:06:28.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69272 (GCVE-0-2025-69272)

Vulnerability from cvelistv5 – Published: 2026-01-12 04:33 – Updated: 2026-01-12 15:19
VLAI
Title
Spectrum password returned in clear
Summary
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
ca
References
Impacted products
Vendor Product Version
Broadcom DX NetOps Spectrum Affected: 21.2.1 and earlier (custom)
Unaffected: 21.2.2 and later (custom)
Create a notification for this product.
Date Public
2026-01-12 04:30
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69272",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T15:19:14.389543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T15:19:26.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "DX NetOps Spectrum",
          "vendor": "Broadcom",
          "versions": [
            {
              "status": "affected",
              "version": "21.2.1 and earlier",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "21.2.2 and later",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.1_and_earlier:*:windows:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.1_and_earlier:*:linux:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.2_and_later:*:windows:*:*:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.2_and_later:*:linux:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
        }
      ],
      "datePublic": "2026-01-12T04:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.\u003cp\u003eThis issue affects DX NetOps Spectrum: 21.2.1 and earlier.\u003c/p\u003e"
            }
          ],
          "value": "Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-157",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-157 Sniffing Attacks"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-12T04:33:37.988Z",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
        }
      ],
      "source": {
        "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
        "discovery": "UNKNOWN"
      },
      "title": "Spectrum password returned in clear",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2025-69272",
    "datePublished": "2026-01-12T04:33:37.988Z",
    "dateReserved": "2025-12-31T03:22:49.490Z",
    "dateUpdated": "2026-01-12T15:19:26.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7731 (GCVE-0-2025-7731)

Vulnerability from cvelistv5 – Published: 2025-09-01 03:57 – Updated: 2025-09-02 19:28
VLAI
Title
Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module
Summary
Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/D Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/D Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/D Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES-A Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES-A Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES-A Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES-A Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES-A Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES-A Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ESS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MR/ES Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MR/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/DS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/DSS Affected: All versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MR/DS Affected: All versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:28:29.484332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:28:39.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-64MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-96MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-96MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information."
            }
          ],
          "value": "Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T03:57:49.657Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-012_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU90041458/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2025-7731",
    "datePublished": "2025-09-01T03:57:49.657Z",
    "dateReserved": "2025-07-16T22:31:25.034Z",
    "dateUpdated": "2025-09-02T19:28:39.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7743 (GCVE-0-2025-7743)

Vulnerability from cvelistv5 – Published: 2025-09-16 11:52 – Updated: 2026-06-05 13:37 Exclusively Hosted Service
VLAI
Title
Sensitive Data Exposure in Dolusoft's Omaspot
Summary
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Dolusoft Omaspot Affected: 0 , < 12.09.2025 (custom)
Create a notification for this product.
Credits
Sevban Donmez
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T19:31:30.225221Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T19:31:38.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Omaspot",
          "vendor": "Dolusoft",
          "versions": [
            {
              "lessThan": "12.09.2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sevban Donmez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.\u003cp\u003eThis issue affects Omaspot: before 12.09.2025.\u003c/p\u003e"
            }
          ],
          "value": "Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.\n\nThis issue affects Omaspot: before 12.09.2025."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-117",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-117 Interception"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T13:37:20.821Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-25-0254"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0254"
        }
      ],
      "source": {
        "advisory": "TR-25-0254",
        "defect": [
          "TR-25-0254"
        ],
        "discovery": "UNKNOWN"
      },
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Sensitive Data Exposure in Dolusoft\u0027s Omaspot",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2025-7743",
    "datePublished": "2025-09-16T11:52:39.118Z",
    "dateReserved": "2025-07-17T08:12:04.893Z",
    "dateUpdated": "2026-06-05T13:37:20.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8205 (GCVE-0-2025-8205)

Vulnerability from cvelistv5 – Published: 2025-07-26 18:32 – Updated: 2025-07-28 16:01
VLAI
Title
Comodo Dragon IP DNS Leakage Detector cleartext transmission
Summary
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
  • CWE-310 - Cryptographic Issues
Assigner
References
Impacted products
Vendor Product Version
Comodo Dragon Affected: 134.0.6998.179
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8205",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T16:01:51.654138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T16:01:54.787Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://news.fmisec.com/comodo-dragon-vulnerability"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "IP DNS Leakage Detector"
          ],
          "product": "Dragon",
          "vendor": "Comodo",
          "versions": [
            {
              "status": "affected",
              "version": "134.0.6998.179"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in Comodo Dragon bis 134.0.6998.179 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente IP DNS Leakage Detector. Mittels Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-26T18:32:05.635Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-317774 | Comodo Dragon IP DNS Leakage Detector cleartext transmission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.317774"
        },
        {
          "name": "VDB-317774 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.317774"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://news.fmisec.com/comodo-dragon-vulnerability"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-25T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-07-25T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-07-25T20:17:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Comodo Dragon IP DNS Leakage Detector cleartext transmission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8205",
    "datePublished": "2025-07-26T18:32:05.635Z",
    "dateReserved": "2025-07-25T18:12:30.536Z",
    "dateUpdated": "2025-07-28T16:01:54.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8741 (GCVE-0-2025-8741)

Vulnerability from cvelistv5 – Published: 2025-08-08 21:32 – Updated: 2025-08-12 14:25
VLAI
Title
macrozheng mall login cleartext transmission
Summary
A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
  • CWE-310 - Cryptographic Issues
Assigner
References
Impacted products
Vendor Product Version
macrozheng mall Affected: 1.0.0
Affected: 1.0.1
Affected: 1.0.2
Affected: 1.0.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8741",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T14:25:20.152801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T14:25:35.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/N1n3b9S/cve/issues/10"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mall",
          "vendor": "macrozheng",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            },
            {
              "status": "affected",
              "version": "1.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.2"
            },
            {
              "status": "affected",
              "version": "1.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In macrozheng mall bis 1.0.3 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/login. Mittels Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-08T21:32:05.880Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319237 | macrozheng mall login cleartext transmission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.319237"
        },
        {
          "name": "VDB-319237 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319237"
        },
        {
          "name": "Submit #623318 | macrozheng mall 1.0.3 Cleartext Transmission of Sensitive Information",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.623318"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/N1n3b9S/cve/issues/10"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/N1n3b9S/cve/issues/10#issue-3262475757"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-08T10:55:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "macrozheng mall login cleartext transmission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8741",
    "datePublished": "2025-08-08T21:32:05.880Z",
    "dateReserved": "2025-08-08T08:50:08.614Z",
    "dateUpdated": "2025-08-12T14:25:35.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8863 (GCVE-0-2025-8863)

Vulnerability from cvelistv5 – Published: 2025-08-11 13:03 – Updated: 2025-08-11 15:08
VLAI
Summary
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
YugabyteDB Inc YugabyteDB Affected: 2024.1.0 , < 2024.1.3 (custom)
Affected: 2.20.0.0 , < 2.20.7.0 (custom)
Affected: 2.23.0.0 , < 2.23.1.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8863",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-11T15:08:36.280845Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-11T15:08:45.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "yugabyte",
          "platforms": [
            "MacOS",
            "Linux",
            "ARM",
            "x86"
          ],
          "product": "YugabyteDB",
          "repo": "https://github.com/yugabyte/yugabyte-db",
          "vendor": "YugabyteDB Inc",
          "versions": [
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.7.0",
              "status": "affected",
              "version": "2.20.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.23.1.0",
              "status": "affected",
              "version": "2.23.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eYugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Adversary in the Middle (AiTM)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T13:03:18.238Z",
        "orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
        "shortName": "Yugabyte"
      },
      "references": [
        {
          "url": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/"
        }
      ],
      "source": {
        "defect": [
          "DB-12726"
        ],
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
    "assignerShortName": "Yugabyte",
    "cveId": "CVE-2025-8863",
    "datePublished": "2025-08-11T13:03:18.238Z",
    "dateReserved": "2025-08-11T12:43:56.931Z",
    "dateUpdated": "2025-08-11T15:08:45.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation

Phase: Implementation

Description:

  • When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation

Phase: Implementation

Description:

  • When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation

Phase: Testing

Description:

  • Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation

Phase: Operation

Description:

  • Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.

CAPEC-117: Interception

An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.

CAPEC-383: Harvesting Information via API Event Monitoring

An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.

CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content

An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.

CAPEC-65: Sniff Application Code

An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.

Back to CWE stats page