CVE-2025-66910
BaseFortify
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| turms | turms_server | 0.10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Turms Server v0.10.0-SNAPSHOT and earlier, where administrator passwords are stored in plaintext in memory within AdminInfo objects. Specifically, the BaseAdminService class caches the password unencrypted in the rawPassword field after a successful login so that later authentications can skip the slow bcrypt check. As a result, an attacker with local system access can extract these plaintext passwords through memory dumps, heap analysis, or debugger attachment, defeating the protection that bcrypt hashing of the stored passwords was meant to provide.
How can this vulnerability impact me?
If an attacker gains local access to the system running Turms Server, they can retrieve administrator passwords stored in plaintext in memory. This compromises administrator accounts, potentially allowing unauthorized access to administrative functions, leading to further system compromise, data breaches, or unauthorized changes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of plaintext administrator passwords stored in memory. Since the raw passwords are stored unencrypted in the rawPassword field of AdminInfo objects upon successful login, you can detect it by performing memory dumps or heap analysis on the running Turms Server process. Using debugging tools or memory analysis tools like gdb, lsof, or heap analyzers to inspect the process memory for plaintext passwords can help identify the vulnerability. Specific commands might include using 'gdb' to attach to the Turms Server process and inspecting memory regions, or using 'strings' on a memory dump to search for plaintext passwords. However, exact commands are not provided in the resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local system access to trusted users only, as attackers need local access to extract plaintext passwords from memory. Additionally, monitoring and limiting debugging or memory dump capabilities on the server can reduce risk. Updating to a version of Turms Server that addresses this vulnerability (later than v0.10.0-SNAPSHOT) when available is recommended. In the meantime, consider implementing additional encryption or obfuscation of passwords in memory if possible, or disabling administrator login features temporarily if feasible. [2, 3]
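The caching pattern described in the explanation above, and the redesign the mitigation advice points toward, side by side as an added example. This is not Turms code: `AdminInfo`, `VulnerableAdminService` and `TokenAdminService` are hypothetical reconstructions of the pattern, `pbkdf2_hmac` stands in for bcrypt, and the "memory scan" walks Python object graphs as a stand-in for grepping a heap dump. The vulnerable service keeps the verified plaintext in the heap to avoid repeating the slow hash; the hardened service verifies the password once at login and authenticates later requests with a random session token, so no password material survives in memory.

```python
"""Added example (not Turms code): CWE-256 plaintext-in-memory caching vs. a
session-token design that keeps the fast path without retaining the password.

Stand-ins (assumptions): pbkdf2_hmac plays the role of bcrypt; the classes
below are hypothetical reconstructions of the described pattern, not the
project's own; memory_contains() stands in for a heap-dump search.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

SLOW_ITERATIONS = 100_000  # stand-in for the bcrypt work factor


def slow_hash(password: str, salt: bytes) -> bytes:
    """Deliberately slow password hash (stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERATIONS)


@dataclass
class AdminInfo:
    account: str
    salt: bytes
    password_hash: bytes
    raw_password: Optional[str] = None  # only the vulnerable service fills this


def make_admin(account: str, password: str) -> AdminInfo:
    salt = os.urandom(16)
    return AdminInfo(account, salt, slow_hash(password, salt))


class VulnerableAdminService:
    """Caches the verified plaintext so later checks skip the slow hash."""

    def __init__(self, admins: Iterable[AdminInfo]):
        self._admins: Dict[str, AdminInfo] = {a.account: a for a in admins}

    def authenticate(self, account: str, password: str) -> bool:
        admin = self._admins.get(account)
        if admin is None:
            return False
        if admin.raw_password is not None:  # fast path: plaintext compare
            if hmac.compare_digest(admin.raw_password.encode(), password.encode()):
                return True
        if hmac.compare_digest(slow_hash(password, admin.salt), admin.password_hash):
            admin.raw_password = password  # plaintext now sits in the heap
            return True
        return False


class TokenAdminService:
    """Verifies the password once per login, then authenticates by a random
    session token; nothing derived from the password is retained."""

    def __init__(self, admins: Iterable[AdminInfo]):
        self._admins: Dict[str, AdminInfo] = {a.account: a for a in admins}
        self._sessions: Dict[bytes, str] = {}  # sha256(token) -> account

    def login(self, account: str, password: str) -> Optional[str]:
        admin = self._admins.get(account)
        if admin is None or not hmac.compare_digest(
            slow_hash(password, admin.salt), admin.password_hash
        ):
            return None
        token = secrets.token_urlsafe(32)  # held by the client, not the server
        self._sessions[hashlib.sha256(token.encode()).digest()] = account
        return token

    def authenticate(self, token: str) -> Optional[str]:
        """Fast path: one SHA-256 and a dict lookup, no secret kept in memory."""
        return self._sessions.get(hashlib.sha256(token.encode()).digest())


def memory_contains(root, needle: str, seen=None) -> bool:
    """Walk an object graph for a string, standing in for a heap-dump search."""
    seen = seen if seen is not None else set()
    if id(root) in seen:
        return False
    seen.add(id(root))
    if isinstance(root, str):
        return needle in root
    if isinstance(root, (bytes, bytearray)):
        return needle.encode() in root
    if isinstance(root, dict):
        children = list(root.keys()) + list(root.values())
    elif isinstance(root, (list, tuple, set)):
        children = list(root)
    elif hasattr(root, "__dict__"):
        children = list(vars(root).values())
    else:
        children = []
    return any(memory_contains(c, needle, seen) for c in children)


def demo(password: str = "S3cret-Pa55w0rd!") -> Tuple[bool, bool]:
    """Returns (plaintext found in vulnerable service, found in token service)."""
    vuln = VulnerableAdminService([make_admin("admin", password)])
    safe = TokenAdminService([make_admin("admin", password)])
    assert vuln.authenticate("admin", password)
    token = safe.login("admin", password)
    assert token is not None and safe.authenticate(token) == "admin"
    return memory_contains(vuln, password), memory_contains(safe, password)


if __name__ == "__main__":
    print("plaintext retained (vulnerable, hardened):", demo())
```

A keyed fast hash of the verified password would also remove the literal plaintext, but a memory dump would then hand an attacker both the key and the tag, which makes offline guessing as cheap as one HMAC per candidate and so gives back most of what bcrypt was bought for; that is why the example replaces the password cache with a session token rather than with a faster hash.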