Skip to main content

TM2 Monitoring CVE-2025-56447

CRITICAL
Improper Authentication (CWE-287)
2025-10-22 cve@mitre.org
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Network-reachable authentication bypass needs no privileges or interaction (AV:N/AC:L/PR:N/UI:N); plaintext credential disclosure plus full access yields high C/I/A.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 03:03 vuln.today

DescriptionCVE.org

TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.

AnalysisAI

Authentication bypass in TM2 Monitoring v3.04 allows remote attackers to circumvent login controls and access the application, which additionally stores and discloses user credentials in plaintext. Publicly available exploit code exists (POC published by researcher stSLAYER for RT-Systems' TM2), enabling full compromise of confidentiality, integrity, and availability. Not listed in CISA KEV and EPSS probability is low (0.32%), so no confirmed active exploitation despite the critical 9.8 CVSS score.

Technical ContextAI

TM2 Monitoring is a monitoring application (associated with RT-Systems per the published POC repository). The root cause is CWE-287 (Improper Authentication): the application fails to correctly enforce identity verification, allowing the authentication step to be bypassed. Compounding this, credentials are stored and/or transmitted in plaintext rather than being hashed or encrypted, meaning that once access is obtained the underlying username/password pairs are directly readable. The combination of a broken auth boundary plus cleartext secret storage means a single flaw yields both access and reusable credentials.

Affected ProductsAI

TM2 Monitoring version 3.04 is affected (vendor associated with RT-Systems per the POC repository). No CPE string was provided in the source data, so exact configuration identifiers cannot be confirmed. The only vendor-linked reference is http://tm2.com; the vulnerability details and proof of concept are documented at https://github.com/stSLAYER/ZeroDayVulnerabilities-/blob/main/RT-Systems/POC/README.md and https://gist.github.com/stSLAYER/b0be1f0fe95f56c08ef2bd69f40cd817. Versions other than 3.04 are not specified in the available data.

RemediationAI

No vendor-released patch was identified at time of analysis; the source data provides no fix version, and the only vendor reference (http://tm2.com) is not a confirmed advisory. As compensating controls, restrict network access to the TM2 Monitoring interface by placing it behind a VPN or firewall allowlist so it is not reachable by untrusted networks (trade-off: remote operators must connect via VPN), and terminate the service or take it offline if it is exposed to the internet until a patched build is confirmed. Because credentials are stored in plaintext, rotate all TM2 account passwords and any credentials reused elsewhere, and monitor authentication logs for anomalous access (trade-off: rotation does not fix the underlying storage flaw, so exposure recurs on next use). Consult the vendor at http://tm2.com and review the POC at https://github.com/stSLAYER/ZeroDayVulnerabilities-/blob/main/RT-Systems/POC/README.md to validate detection.

Share

CVE-2025-56447 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy