{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-58742","assignerOrgId":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","state":"PUBLISHED","assignerShortName":"SRA","dateReserved":"2025-09-04T15:27:48.361Z","datePublished":"2026-01-20T21:36:54.171Z","dateUpdated":"2026-01-21T16:14:33.073Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","platforms":["Windows"],"product":"ImageDirector Capture","vendor":"Milner","versions":[{"lessThan":"7.6.3.25808","status":"affected","version":"7.0.9","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Asa Reynolds (SRA)"},{"lang":"en","type":"finder","value":"Rick Console (SRA)"}],"datePublic":"2026-01-20T19:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.<p>This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.</p>"}],"value":"Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808."}],"impacts":[{"capecId":"CAPEC-94","descriptions":[{"lang":"en","value":"CAPEC-94 Adversary in the Middle (AiTM)"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.5,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"CWE-522 Insufficiently Protected Credentials","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-923","description":"CWE-923 Improper Restriction of Communication Channel to Intended Endpoints","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","shortName":"SRA","dateUpdated":"2026-01-20T21:36:54.171Z"},"references":[{"tags":["third-party-advisory"],"url":"https://sra.io/advisories"}],"source":{"discovery":"UNKNOWN"},"title":"Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-21T15:40:17.672533Z","id":"CVE-2025-58742","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-21T16:14:33.073Z"}}]}}