CVE-2025-58742
Insufficiently Protected Credentials in Milner ImageDirector Capture Enables AiTM
Publication date: 2026-01-20
Last updated on: 2026-02-10
Assigner: Security Risk Advisors
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| milner | imagedirector_capture | From 7.0.9 (inc) to 7.6.3.25808 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-923 | The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient protection of credentials and improper restriction of communication channels in the Connection Settings dialog of Milner ImageDirector Capture on Windows. It allows an adversary to perform a Man-in-the-Middle (AiTM) attack by modifying the 'Server' field, which redirects client authentication to a malicious endpoint.
How can this vulnerability impact me? :
The vulnerability can lead to an adversary intercepting or redirecting authentication credentials, potentially compromising user credentials and allowing unauthorized access to systems or data.