3 matches found
CVE-2025-4876
creationtimestamp| type| source ---|---|--- 2025-05-19 16:38:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16870 2025-05-19 17:13:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpk2zblkrk2o 2025-05-19 17:18:49+00:00| seen|...
CVE-2025-4876 Hardcoded Key Revealed in ConnectWise Password Encryption Utility
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...
CVE-2025-4876
The CVE-2025-4876 issue affects ConnectWise Risk Assessment’s ConnectWise-Password-Encryption-Utility.exe. Root cause: hardcoded AES decryption key embedded in plaintext in the binary, with no dynamic key management. Impact: an attacker with reverse-engineering capability could obtain the key and...