Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks.
This issue affects Avantra: before 25.3.0.
AnalysisAI
Unprotected credential transport in syslink software AG Avantra before version 25.3.0 exposes authentication material to network-layer interception on both Linux and Windows deployments. The vulnerability, classified under CWE-523, allows a suitably positioned network adversary to capture credentials in transit, with the CVSS vector indicating high confidentiality and integrity impact upon successful exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the high attack complexity and high privilege prerequisite meaningfully constrain the realistic attacker population.
Technical ContextAI
CWE-523 (Unprotected Transport of Credentials) describes a design failure where authentication credentials are transmitted across the network without adequate cryptographic protection - either in cleartext or over a broken/misconfigured encrypted channel - making them recoverable by a passive or active network observer. The affected product is Avantra, an enterprise SAP monitoring platform developed by syslink software AG, identified by CPE cpe:2.3:a:syslink_software_ag:avantra:*:*:*:*:*:*:*:*. The Microsoft tag in the intelligence data suggests involvement of Microsoft protocol or transport layers (e.g., WinRM, NTLM, SMB-adjacent channels) alongside the SAP monitoring context. The CVSS network attack vector (AV:N) confirms the credential exposure occurs over a network path, while AC:H indicates that the attacker must engineer specific interception conditions such as a man-in-the-middle position or privileged network vantage point.
RemediationAI
The primary remediation is to upgrade Avantra to version 25.3.0 or later, as confirmed by the vendor advisory at https://support.avantra.com/hc/en-us/articles/5535621927071. If an immediate upgrade is not possible, compensating controls should focus on isolating Avantra communication channels: restrict network access to Avantra agent and server communication paths using firewall rules or network segmentation to trusted hosts only, preventing untrusted parties from reaching positions where credential interception is feasible. Enforce mutual TLS or IPsec between Avantra components if the platform supports it, to provide transport-layer encryption as a stopgap; note that this may require additional infrastructure configuration and does not address the root cause. Monitor for anomalous lateral movement or credential reuse from Avantra service accounts as a detection measure. Given that Microsoft-related transports may be involved (per tagging), review and restrict NTLM or WinRM exposure on Avantra-adjacent Windows hosts.
Same weakness CWE-523 – Unprotected Transport of Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31436
GHSA-v88w-jgrg-7946