Skip to main content

Agorum core CVE-2025-52164

HIGH
Plaintext Storage of a Password (CWE-256)
2025-07-18 cve@mitre.org
8.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
vuln.today AI
5.5 MEDIUM

Reading plaintext credentials requires access to the storage medium (config/DB/backups), so AV:L and PR:L; high confidentiality impact via disclosed secrets, no integrity or availability effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 01:29 vuln.today

DescriptionCVE.org

Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.

AnalysisAI

Plaintext credential storage in agorum core open versions 11.9.2 and 11.10.1 exposes stored account credentials to anyone able to read the underlying storage, undermining the confidentiality of any account whose secrets are persisted by this German enterprise content and document management platform. The flaw, tracked as CWE-256 and reported in usd HeroLab advisory usd-2025-0023, carries a vendor/NVD CVSS of 8.2 but no public exploit identified at time of analysis and no CISA KEV listing. Disclosed credentials can be reused to impersonate users or pivot into connected systems.

Technical ContextAI

agorum core open is an open-source Enterprise Content Management (ECM) / Document Management System (DMS) developed by agorum Software GmbH, typically deployed as a self-hosted Java-based server managing documents, workflows, and user accounts. The root cause is CWE-256 (Plaintext Storage of a Password / Unprotected Storage of Credentials): rather than storing secrets as salted, one-way hashes or in an encrypted secret store, the affected versions persist credentials in cleartext. This means any actor or process able to read the credential store - configuration files, database tables, or backups - obtains directly usable passwords, with no cracking step required. The advisory references only versions 11.9.2 and 11.10.1, indicating specific releases of the product line were audited.

Affected ProductsAI

The vulnerability affects agorum core open (agorum Software GmbH) at versions 11.9.2 and 11.10.1 specifically, as identified in the usd HeroLab security advisory. No CPE strings were provided in the input to further constrain the affected configurations, and it is unclear whether other 11.x releases or the commercial 'agorum core pro' edition share the defect. The authoritative reference is the usd HeroLab advisory at https://herolab.usd.de/security-advisories/usd-2025-0023/.

RemediationAI

No vendor-released patch or fixed version is identified in the available data at time of analysis, so consult the usd HeroLab advisory (https://herolab.usd.de/security-advisories/usd-2025-0023/) and agorum's own channels for an updated release beyond 11.9.2 / 11.10.1 and upgrade as soon as one is published. As compensating controls, restrict filesystem and database access to the agorum credential store to the minimum service account (tightening OS/DB permissions and file ACLs, which is low-risk but must be validated against the application service account), encrypt data at rest and secure/rotate all backups so plaintext secrets are not exposed in snapshots, and rotate all credentials known to be stored by the platform on the assumption they may already be exposed. Where feasible, move authentication to an external identity provider (LDAP/SSO) so fewer secrets are persisted locally, accepting the integration effort as a trade-off.

Share

CVE-2025-52164 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy