
Windows · EUVD-2025-18871

CVE-2025-6513 CRITICAL
Password in Configuration File (CWE-260)
2025-06-23 0beee27a-7d8c-424f-8e46-ac453fa147e6
9.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Updated · Apr 16, 2026 - 05:53 · EUVD-patch-fix · executive_summary
Re-analysis Queued · Apr 16, 2026 - 05:29 · backfill_euvd_patch · patch_released
Patch available · Apr 16, 2026 - 05:29 · EUVD · 3.06
EUVD ID Assigned · Mar 15, 2026 - 22:10 · euvd · EUVD-2025-18871
Analysis Generated · Mar 15, 2026 - 22:10 · vuln.today
CVE Published · Jun 23, 2025 - 13:15 · nvd · CRITICAL 9.3

Description (CVE.org)

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.

Analysis (AI)

CVE-2025-6513 is a local privilege escalation vulnerability in the BRAIN2 application where standard Windows users can access and decrypt the application's database configuration file without authentication. This allows unprivileged local users to obtain database credentials and potentially compromise sensitive data, with a CVSS score of 9.3 indicating critical severity. The vulnerability affects system confidentiality, integrity, and availability across trust boundaries.

Technical Context (AI)

The vulnerability stems from CWE-260 (Passwords in Configuration Files) combined with improper access controls and weak or predictable encryption. The BRAIN2 application stores database connection credentials in a configuration file that is readable by standard (non-administrative) Windows users, and the encryption scheme protecting these credentials is either absent, weak, or uses hardcoded keys that can be decrypted by local users. The root cause is inadequate file system permissions (likely the config file lacks proper ACLs restricting access to SYSTEM or Administrators only) and potentially the use of symmetric encryption with embedded or easily derivable keys rather than secure credential storage mechanisms like Windows Data Protection API (DPAPI) or credential manager integration.

Remediation (AI)

Immediate mitigations include:

(1) Restrict file system permissions on the BRAIN2 configuration file to SYSTEM and Administrators only using Windows ACLs, removing read access for standard users.
(2) Move database credentials out of plaintext configuration files and use Windows DPAPI or integrated Windows authentication for database connections.
(3) Implement strict access controls on workstations where BRAIN2 runs, limiting local user access where possible.
(4) Monitor configuration file access using Windows Event Viewer or EDR solutions.

Long-term remediation requires a vendor patch that stores credentials securely (DPAPI encryption at rest, environment variables, or credential manager integration). Organizations should contact the BRAIN2 vendor immediately for patch availability and release timeline. A temporary workaround is to run BRAIN2 service/process with a dedicated service account and restrict local file system access to that account only.
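
An audit for mitigation (1), as an added example rather than vendor or vuln.today code: it lists the Allow entries that give any principal other than SYSTEM, Administrators, or an optional service account read access to the file, and with `-Fix` replaces the DACL with a protected one. The file path and the service account name are placeholders, since the page gives neither.

```powershell
# Added example (not vendor code). Audits, and with -Fix tightens, the DACL on a
# credential-bearing configuration file. Run from an elevated session.
param(
    [Parameter(Mandatory)][string]$ConfigPath,  # placeholder: the page gives no BRAIN2 path
    [string]$ServiceAccount,                    # hypothetical account the application runs as
    [switch]$Fix
)

# Well-known SIDs that keep access: SYSTEM and BUILTIN\Administrators.
$allowed = @('S-1-5-18', 'S-1-5-32-544')
if ($ServiceAccount) {
    $nt = New-Object System.Security.Principal.NTAccount($ServiceAccount)
    $svcSid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $allowed += $svcSid
}

# ReadData is the access bit that lets a principal read the file's contents.
$readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$acl = Get-Acl -LiteralPath $ConfigPath
$offending = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $sid = $ace.IdentityReference.Value }   # orphaned SID that no longer resolves
    if ($allowed -notcontains $sid -and (([int]$ace.FileSystemRights -band $readBit) -ne 0)) {
        [pscustomobject]@{ Identity = $ace.IdentityReference.Value; Sid = $sid
                           Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

if (-not $offending) { Write-Output "OK: only allowed principals can read $ConfigPath"; return }
$offending | Format-Table -AutoSize

if ($Fix) {
    # Fresh descriptor: protected DACL (inheritance off) holding only the allowed principals.
    $new = New-Object System.Security.AccessControl.FileSecurity
    $new.SetAccessRuleProtection($true, $false)
    foreach ($sid in $allowed) {
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $rights = if ($sid -eq $svcSid) { 'Read' } else { 'FullControl' }
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, $rights, 'Allow')
        $new.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $ConfigPath -AclObject $new
}
```

Entries flagged with `Inherited = True` come from the parent folder, so the folder's ACL needs the same review. After `-Fix`, the application can only read the file when it runs under one of the allowed accounts, which is why the dedicated service account workaround pairs with this change.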
