CVE-2025-54394
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netwrix | directory_manager | From 11.0.0.0 (inc) to 11.1.25162.02 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Netwrix Directory Manager versions before 11.1.25162.02 involves insufficient protection of credentials when making requests to remote Excel resources. This means that the credentials used in these requests may be exposed or not securely handled, potentially allowing unauthorized access.
How can this vulnerability impact me? :
The impact of this vulnerability could include unauthorized access to sensitive data or systems if the insufficiently protected credentials are intercepted or misused. This could lead to data breaches or compromise of the affected system's integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Insufficiently protected credentials can lead to unauthorized access and data breaches, which may result in non-compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive information and proper access controls.