CVE-2025-26849

EUVD-2025-7714
There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
mitreCNA
4.3 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
docusnapdocusnap
𝑥
≤ 13.0.1440.24261
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.docusnap.com/en/release-notes/changelog/
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/