CVE-2025-67652
MEDIUMSeverity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.
AnalysisAI
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. [CVSS 6.1 MEDIUM]
Technical ContextAI
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.
Affected ProductsAI
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-261 – Weak Encoding for Password
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today