CVE-2025-66910
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: MITRE

Description
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-14
NVD
CVE-2025-66910
EUVD
EUVD-2025-204537
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
turms turms_server 0.10.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Turms Server v0.10.0-SNAPSHOT and earlier, where administrator passwords are stored in plaintext in memory within AdminInfo objects. Specifically, the BaseAdminService class caches these passwords unencrypted in the rawPassword field after successful login to optimize authentication performance. This means that attackers with local system access can extract these plaintext passwords through memory dumps, heap analysis, or debugger attachment, bypassing the bcrypt password protection.

Impact Analysis

If an attacker gains local access to the system running Turms Server, they can retrieve administrator passwords stored in plaintext in memory. This compromises administrator accounts, potentially allowing unauthorized access to administrative functions, leading to further system compromise, data breaches, or unauthorized changes.

Detection Guidance

This vulnerability can be detected by checking for the presence of plaintext administrator passwords stored in memory. Since the raw passwords are stored unencrypted in the rawPassword field of AdminInfo objects upon successful login, you can detect it by performing memory dumps or heap analysis on the running Turms Server process. Using debugging tools or memory analysis tools like gdb, lsof, or heap analyzers to inspect the process memory for plaintext passwords can help identify the vulnerability. Specific commands might include using 'gdb' to attach to the Turms Server process and inspecting memory regions, or using 'strings' on a memory dump to search for plaintext passwords. However, exact commands are not provided in the resources. [2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting local system access to trusted users only, as attackers need local access to extract plaintext passwords from memory. Additionally, monitoring and limiting debugging or memory dump capabilities on the server can reduce risk. Updating to a version of Turms Server that addresses this vulnerability (later than v0.10.0-SNAPSHOT) when available is recommended. In the meantime, consider implementing additional encryption or obfuscation of passwords in memory if possible, or disabling administrator login features temporarily if feasible. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66910. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart