Blue
CVE-2025-57796
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
AnalysisAI
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]
Technical ContextAI
Affects Blue. Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject
Explorance Blue versions before 8.14.9 have a CVSS 10.0 SQL injection vulnerability enabling unauthenticated attackers t
Explorance Blue before 8.14.13 has an authenticated remote file download vulnerability in a web service that allows down
Explorance Blue before 8.14.9 has an authenticated file upload vulnerability allowing administrators to upload executabl
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user
Same weakness CWE-257 – Storing Passwords in a Recoverable Format
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today