CVE-2025-15554
Awaiting Analysis Awaiting Analysis - Queue
Local Admin Password Disclosure via Browser Cache in LAPSWebUI

Publication date: 2026-03-16

Last updated on: 2026-04-07

Assigner: National Cyber Security Centre Finland

Description
Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-07
Generated
2026-06-15
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15554
EUVD
EUVD-2025-208695
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
truesec lapswebui to 2.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-525 The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15554 is a vulnerability in truesec’s LAPSWebUI versions before 2.4 where local administrator passwords are cached by web browsers due to missing Cache-Control HTTP headers in server responses.

Specifically, the GET /Home/Password endpoint returns HTML containing sensitive local admin passwords without instructing browsers or proxies not to cache this data. As a result, browsers like Mozilla Firefox store these passwords locally, which can be accessed by an attacker with access to the workstation.

This vulnerability allows an attacker who can access a workstation to escalate their privileges by retrieving cached local admin passwords.

Impact Analysis

The vulnerability can lead to privilege escalation on affected systems.

An attacker with access to a workstation can retrieve cached local administrator passwords from the browser cache, allowing them to gain higher privileges than originally permitted.

This increases the risk of unauthorized administrative access, potentially compromising system security and sensitive data.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the HTTP responses from the LAPSWebUI server, specifically the GET /Home/Password endpoint, lack the Cache-Control header that prevents caching of sensitive data.

You can inspect the HTTP headers returned by the server using command-line tools such as curl or wget.

  • Use curl to check headers: curl -I https://<lapswebui-server>/Home/Password
  • Look for the absence of the Cache-Control header or presence of headers that allow caching.
  • Additionally, check browser cache directories (e.g., Firefox cache on Linux) for cached password data related to LAPSWebUI.
Mitigation Strategies

The primary mitigation is to upgrade truesec’s LAPSWebUI to version 2.4 or later, which fixes the issue by preventing caching of sensitive password pages.

If immediate upgrade is not possible, configure your web server to include the HTTP header: Cache-Control: no-store on the sensitive endpoints such as /Home/Password to prevent browsers and proxies from caching the passwords.

Also, restrict physical and local access to workstations to reduce the risk of attackers accessing cached passwords.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15554. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart