CVE-2025-9982
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-17
Assigner: CERT.PL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensolution | quick.cms | 6.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in QuickCMS version 6.8 involves sensitive admin credentials being hardcoded in a configuration file and stored in plaintext. Attackers who gain access to the source code or server file system can retrieve these authentication details, which may allow them to escalate their privileges within the system.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to unauthorized access to administrative credentials, enabling attackers to escalate their privileges and potentially take control of the system or perform unauthorized actions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict access to the server file system and source code to trusted personnel only. Remove or change any hardcoded admin credentials found in configuration files. Consider upgrading or patching QuickCMS if a fix becomes available, and monitor for unauthorized access attempts.