CVE-2025-26849

There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
mitreCNA
4.3 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
docusnapdocusnap
𝑥
≤ 13.0.1440.24261
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.docusnap.com/en/release-notes/changelog/
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/