CVE-2025-52601
Hardcoded Encryption Key in Device Manager Exposes Sensitive Data
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: Hanwha Vision Co., Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hanwha | vision | 2.24.00 |
| hanwha | vision | * |
| hanwha | vision | 2.23.01 |
| hanwha | vision | 2.22.10 |
| hanwha | vision | 2.23.00 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a hardcoded encryption key in the Device Manager software. Because the key is hardcoded, an attacker who obtains it can decrypt sensitive information that is supposed to be protected, potentially exposing confidential data.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive information by allowing an attacker to decrypt data protected by the hardcoded encryption key. This could result in data breaches, loss of confidentiality, and potential operational disruptions if the compromised information is critical.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch firmware released by the manufacturer. Please refer to the manufacturer's report for details and workarounds.