CVE-2025-22372
Plaintext Credential Storage in SicommNet BASEC Enables Password Recovery
Description
Description
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.
Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.
This issue affects BASEC: from 14 Dec 2021.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| sicommnet | basec | From 2021-12-14 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-522 | Insufficiently Protected Credentials |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2025-04-14
CVE Last Modified Date:
2025-04-15
Report Generation Date:
2025-07-14
EPSS Last Evaluated Date:
2025-07-02
NVD Report Link: