CVE-2025-26318

Summary

hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application.

Affected Software

VendorProductVersion RangeStatus
TSplusTSplus Remote Access0 < 17.30affected

Weaknesses

  • CWE-201: CWE-201 Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References