CVE-2025-54855
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-09-24

Assigner: ICS-CERT

Description
Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-09-24
Generated
2026-06-16
AI Q&A
2025-09-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54855
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
automationdirect click_programming_software 3.60
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the cleartext storage of sensitive information in Click Programming Software version v3.60. A local user who has access to the file system and an active administrator session can exploit this flaw to steal credentials that are stored without encryption.

Impact Analysis

If exploited, this vulnerability can lead to unauthorized access to sensitive credentials by a local user, potentially compromising system security and allowing further unauthorized actions within the affected environment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54855. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart