CVE-2025-4876

Published May 19th, 2025

View on NVD ↗

CVSS v3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.

packetlabs/vulnerability-advisory

This is a documented notice that provides details about a known vulnerability in a software product. It typically includes severity ratings (CVSS), impacted versions, remediation guidance (like patches or mitigations), credits to the reporter, and disclosure timelines. Our customers can use this to follow-up on products that they may use.

GitHub