Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.
AnalysisAI
Insufficient Session Expiration in Truesec's LAPSWebUI before version 2.4 allows local attackers with user-level privileges to obtain local administrator passwords through inadequate session management controls. An attacker with physical or logical access to a workstation can exploit this vulnerability to escalate privileges and disclose sensitive credentials, potentially compromising domain administration. This vulnerability represents a practical privilege escalation risk in environments relying on LAPS (Local Administrator Password Solution) for credential management.
Technical ContextAI
LAPSWebUI is a web-based administrative interface for managing Microsoft's Local Administrator Password Solution (LAPS), which centrally manages local administrator account passwords across enterprise networks. The vulnerability stems from CWE-613 (Insufficient Session Expiration), a session management flaw where user sessions remain valid beyond their intended lifetime or are not properly terminated under specified conditions. Truesec's implementation fails to enforce adequate session timeout mechanisms or properly invalidate sessions when users disconnect, allowing attackers to reuse stale session tokens to access password disclosure functionality. The affected product operates as a web application (CPE prefix cpe:2.3:a:truesec:lapswebui) and interacts with Active Directory and LAPS infrastructure to retrieve and display sensitive local administrator credentials, making improper session handling particularly dangerous.
RemediationAI
Immediately upgrade Truesec LAPSWebUI to version 2.4 or later, which contains fixes for session expiration handling. Verify the upgrade through Truesec's official advisory and release notes. As interim mitigations pending patching, enforce strict network segmentation to limit access to the LAPSWebUI application to trusted administrative networks only, implement aggressive session timeout policies at the web server level (ideally 15–30 minutes of inactivity), deploy multi-factor authentication (MFA) for all LAPSWebUI access, and monitor session logs for anomalous reuse patterns. Additionally, restrict local access to workstations running LAPSWebUI clients and consider disabling password disclosure features until the patch can be applied if operational security allows.
LAPSWebUI before version 2.4 by Truesec improperly caches LAPS (Local Administrator Password Solution) passwords in brow
LAPSWebUI before version 2.4 contains a non-functional logout mechanism that allows an authenticated local attacker to o
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208691