CVE-2025-4876

Published May 19, 2025

Last updated a month ago

CVSS medium 6.0

Overview

Description
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
Source
7d616e1a-3288-43b1-a0dd-0a65d3e70a49
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6
Impact score
4
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

7d616e1a-3288-43b1-a0dd-0a65d3e70a49
CWE-798

Social media

Hype score
Not currently trending

  1. CVE-2025-4876 ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This ke… https://t.co/KoMtvvGoPx

    @CVEnew

    19 May 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.