Severity by source
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
AnalysisAI
CVE-2025-6513 is a local privilege escalation vulnerability in the BRAIN2 application where standard Windows users can access and decrypt the application's database configuration file without authentication. This allows unprivileged local users to obtain database credentials and potentially compromise sensitive data, with a CVSS score of 9.3 indicating critical severity. The vulnerability affects system confidentiality, integrity, and availability across trust boundaries.
Technical ContextAI
The vulnerability stems from CWE-260 (Passwords in Configuration Files) combined with improper access controls and weak or predictable encryption. The BRAIN2 application stores database connection credentials in a configuration file that is readable by standard (non-administrative) Windows users, and the encryption scheme protecting these credentials is either absent, weak, or uses hardcoded keys that can be decrypted by local users. The root cause is inadequate file system permissions (likely the config file lacks proper ACLs restricting access to SYSTEM or Administrators only) and potentially the use of symmetric encryption with embedded or easily derivable keys rather than secure credential storage mechanisms like Windows Data Protection API (DPAPI) or credential manager integration.
RemediationAI
Immediate mitigations include: (1) Restrict file system permissions on the BRAIN2 configuration file to SYSTEM and Administrators only using Windows ACLs, removing read access for standard users; (2) Move database credentials out of plaintext configuration files and use Windows DPAPI or integrated Windows authentication for database connections; (3) Implement strict access controls on workstations where BRAIN2 runs, limiting local user access where possible; (4) Monitor configuration file access using Windows Event Viewer or EDR solutions. Long-term remediation requires a vendor patch that stores credentials securely (DPAPI encryption at rest, environment variables, or credential manager integration). Organizations should contact the BRAIN2 vendor immediately for patch availability and release timeline. A temporary workaround is to run BRAIN2 service/process with a dedicated service account and restrict local file system access to that account only.
Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by
The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co
Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in
A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr
Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b
Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio
Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the cred
Mako Server versions 2.5 and 2.6 contain an unauthenticated OS command injection via the tutorial interface at examples/
Same weakness CWE-260 – Password in Configuration File
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18871