{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4876","assignerOrgId":"7d616e1a-3288-43b1-a0dd-0a65d3e70a49","state":"PUBLISHED","assignerShortName":"ConnectWise","dateReserved":"2025-05-16T20:18:46.987Z","datePublished":"2025-05-19T16:04:34.031Z","dateUpdated":"2025-09-03T16:33:11.971Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["connectwise-password-encryption-utlity.exe"],"product":"Risk Assessment","vendor":"ConnectWise","versions":[{"status":"affected","version":"All versions prior to deprecation (July 2023)"}]}],"credits":[{"lang":"en","type":"finder","value":"Joey Melo (jmelo@packetlabs.net)"},{"lang":"en","type":"finder","value":"Ian Lin (ilin@packetlabs.net)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained, the key can be used to decrypt CSV input files&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">used for authenticated network scanning.</span>\n\n<br><br>"}],"value":"ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. \nOnce obtained, the key can be used to decrypt CSV input files used for authenticated network scanning."}],"impacts":[{"capecId":"CAPEC-191","descriptions":[{"lang":"en","value":"CAPEC-191 Read Sensitive Constants Within an Executable"}]},{"capecId":"CAPEC-37","descriptions":[{"lang":"en","value":"CAPEC-37 Retrieve Embedded Sensitive Data"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-321","description":"CWE-321 Use of Hard-coded Cryptographic Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d616e1a-3288-43b1-a0dd-0a65d3e70a49","shortName":"ConnectWise","dateUpdated":"2025-09-03T16:33:11.971Z"},"references":[{"url":"https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.md"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."}],"value":"ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. \nPartners who still have the deprecated tool on their systems should remove it."}],"source":{"discovery":"UNKNOWN"},"title":"Hardcoded Key Revealed in ConnectWise Password Encryption Utility","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-19T16:48:28.836537Z","id":"CVE-2025-4876","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-19T16:49:27.487Z"}}]}}