CVE-2025-58740
Unknown Unknown - Not Provided
Hard-Coded Key in Milner ImageDirector Capture Enables Credential Decryption

Publication date: 2026-01-20

Last updated on: 2026-02-10

Assigner: Security Risk Advisors

Description
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-02-10
Generated
2026-05-06
AI Q&A
2026-01-21
EPSS Evaluated
2026-05-05
NVD
CVE-2025-58740
EUVD
EUVD-2025-206311
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
milner imagedirector_capture From 7.0.9 (inc) to 7.6.3.25808 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the use of a hard-coded encryption key within the Password function in the C2SGlobalSettings.dll component of Milner ImageDirector Capture on Windows. Because the encryption key is embedded directly in the executable, a local attacker can extract this key and use it to decrypt database credentials, compromising the security of sensitive information.


How can this vulnerability impact me? :

The vulnerability allows a local attacker to decrypt database credentials by extracting the hard-coded cryptographic key from the executable. This can lead to unauthorized access to the database, potentially exposing sensitive data, enabling further attacks, and compromising the integrity and confidentiality of the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart