CVE-2025-57796

Summary

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.

Affected Software

VendorProductVersion RangeStatus
ExploranceBlue0 < 8.14.12affected

Weaknesses

  • CWE-257: CWE-257:Storing Passwords in a Recoverable Format

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References