CVE-2025-45702
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-10-10
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| softperfect | connection_quality_monitor | 1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves SoftPerfect Connection Quality Monitor v1.1 storing all user credentials in plaintext within a file that is accessible and readable by any user on the system. This means sensitive credential information is not protected and can be easily accessed by unauthorized users. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to sensitive credentials stored by the application. If an attacker or unauthorized user gains access to these plaintext credentials, they could potentially misuse them to access systems or data, leading to security breaches or data compromise. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Storing credentials in plaintext and allowing unauthorized access to them can violate security requirements of common standards and regulations such as GDPR and HIPAA, which mandate protection of sensitive data. This vulnerability could therefore lead to non-compliance with these regulations due to inadequate protection of credential information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence and contents of the file at C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB on systems running Connection Quality Monitor v1.1. You can use commands to locate and read this file to verify whether credentials are stored in plaintext. For example, on Windows:

1. To check if the file exists: `dir "C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB"`
2. To view the contents (which may reveal plaintext credentials): `type "C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB"`

Note that reading this file requires appropriate permissions. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access permissions to the file C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB to prevent unauthorized users from reading it. Additionally, monitor for updates or patches from SoftPerfect Pty Ltd that modify the application to store credentials in an encrypted format, and apply such updates as soon as they become available. [1]
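An added PowerShell check for the detection and mitigation steps above (not from SoftPerfect or from the original page): it reports which broad groups can read the database file and, with `-Restrict`, tightens the ACL. The SID list, the `-Restrict` switch and the choice of SYSTEM and Administrators as the only remaining principals are assumptions; an account the monitor itself runs under may also need access.

```powershell
# Added example, not vendor code. The path is the one named on this page; the SID
# list and the SYSTEM/Administrators-only target ACL are assumptions. Run elevated.
param(
    [string]$DbPath = 'C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB',
    [switch]$Restrict   # without this switch the script only reports
)

# Well-known SIDs of broad groups; SIDs avoid localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$ReadData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

if (-not (Test-Path -LiteralPath $DbPath -PathType Leaf)) {
    Write-Output "Not present: $DbPath"
    return
}

$acl = Get-Acl -LiteralPath $DbPath
# Explicit and inherited ACEs, with identities translated to SIDs.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$exposed = foreach ($ace in $rules) {
    $sid = $ace.IdentityReference.Value
    $canRead = (([int]$ace.FileSystemRights) -band $ReadData) -ne 0
    if ($ace.AccessControlType -eq 'Allow' -and $canRead -and $BroadSids.ContainsKey($sid)) {
        [pscustomobject]@{ Principal = $BroadSids[$sid]; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

if (-not $exposed) { Write-Output 'No broad group has read access.'; return }
$exposed | Format-Table -AutoSize

if ($Restrict) {
    # Stop inheriting from the parent folder and discard the inherited ACEs.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit ACEs held by the broad groups.
    foreach ($sid in $BroadSids.Keys) {
        $acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]::new($sid))
    }
    # Leave only SYSTEM (S-1-5-18) and local Administrators (S-1-5-32-544).
    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
        $id = [System.Security.Principal.SecurityIdentifier]::new($sid)
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')))
    }
    Set-Acl -LiteralPath $DbPath -AclObject $acl
    Write-Output 'ACL restricted to SYSTEM and Administrators.'
}
```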