{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-58743","assignerOrgId":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","state":"PUBLISHED","assignerShortName":"SRA","dateReserved":"2025-09-04T15:27:48.361Z","datePublished":"2026-01-20T21:37:25.868Z","dateUpdated":"2026-01-21T16:14:28.383Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"ImageDirector Capture","vendor":"Milner","versions":[{"lessThan":"7.6.3.25808","status":"affected","version":"7.0.9.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Asa Reynolds (SRA)"},{"lang":"en","type":"finder","value":"Rick Console (SRA)"}],"datePublic":"2026-01-20T19:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability \n\nin the Password class in C2SConnections.dll&nbsp;in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.<p>This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.</p>"}],"value":"Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability \n\nin the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808."}],"impacts":[{"capecId":"CAPEC-20","descriptions":[{"lang":"en","value":"CAPEC-20 Encryption Brute Forcing"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":7.2,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-327","description":"CWE-327 Use of a Broken or Risky Cryptographic Algorithm","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","shortName":"SRA","dateUpdated":"2026-01-20T21:37:25.868Z"},"references":[{"tags":["third-party-advisory"],"url":"https://sra.io/advisories"}],"source":{"discovery":"UNKNOWN"},"title":"Insecure Encryption Algorithms Enable Brute-Force Database Credential Access in Milner ImageDirector Capture","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-21T15:40:16.561983Z","id":"CVE-2025-58743","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-21T16:14:28.383Z"}}]}}