CVE-2025-27926
MEDIUMSeverity by source
AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
AnalysisAI
In Nintex Automation 5.6 and 5.7 versions up to 5.8 is affected by incorrect default permissions (CVSS 4.3).
Technical ContextAI
This vulnerability (CWE-276: Incorrect Default Permissions) affects In Nintex Automation 5.6 and 5.7. In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
Affected ProductsAI
Product: In Nintex Automation 5.6 and 5.7. Versions: up to 5.8.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today