TM2 Monitoring CVE-2025-56447
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable authentication bypass needs no privileges or interaction (AV:N/AC:L/PR:N/UI:N); plaintext credential disclosure plus full access yields high C/I/A.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
AnalysisAI
Authentication bypass in TM2 Monitoring v3.04 allows remote attackers to circumvent login controls and access the application, which additionally stores and discloses user credentials in plaintext. Publicly available exploit code exists (POC published by researcher stSLAYER for RT-Systems' TM2), enabling full compromise of confidentiality, integrity, and availability. Not listed in CISA KEV and EPSS probability is low (0.32%), so no confirmed active exploitation despite the critical 9.8 CVSS score.
Technical ContextAI
TM2 Monitoring is a monitoring application (associated with RT-Systems per the published POC repository). The root cause is CWE-287 (Improper Authentication): the application fails to correctly enforce identity verification, allowing the authentication step to be bypassed. Compounding this, credentials are stored and/or transmitted in plaintext rather than being hashed or encrypted, meaning that once access is obtained the underlying username/password pairs are directly readable. The combination of a broken auth boundary plus cleartext secret storage means a single flaw yields both access and reusable credentials.
Affected ProductsAI
TM2 Monitoring version 3.04 is affected (vendor associated with RT-Systems per the POC repository). No CPE string was provided in the source data, so exact configuration identifiers cannot be confirmed. The only vendor-linked reference is http://tm2.com; the vulnerability details and proof of concept are documented at https://github.com/stSLAYER/ZeroDayVulnerabilities-/blob/main/RT-Systems/POC/README.md and https://gist.github.com/stSLAYER/b0be1f0fe95f56c08ef2bd69f40cd817. Versions other than 3.04 are not specified in the available data.
RemediationAI
No vendor-released patch was identified at time of analysis; the source data provides no fix version, and the only vendor reference (http://tm2.com) is not a confirmed advisory. As compensating controls, restrict network access to the TM2 Monitoring interface by placing it behind a VPN or firewall allowlist so it is not reachable by untrusted networks (trade-off: remote operators must connect via VPN), and terminate the service or take it offline if it is exposed to the internet until a patched build is confirmed. Because credentials are stored in plaintext, rotate all TM2 account passwords and any credentials reused elsewhere, and monitor authentication logs for anomalous access (trade-off: rotation does not fix the underlying storage flaw, so exposure recurs on next use). Consult the vendor at http://tm2.com and review the POC at https://github.com/stSLAYER/ZeroDayVulnerabilities-/blob/main/RT-Systems/POC/README.md to validate detection.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today