CVE-2025-15554
Status: Awaiting Analysis (queue)

Local Admin Password Disclosure via Browser Cache in LAPSWebUI

Vulnerability report for CVE-2025-15554, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-16

Last updated on: 2026-04-07

Assigner: National Cyber Security Centre Finland

Description

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.


Meta Information

Generated: 2026-07-05
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

Vendor: truesec
Product: lapswebui
Version / Range: up to 2.4 (excluding 2.4)

CWE

CWE-525: The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Executive Summary

CVE-2025-15554 is a vulnerability in Truesec’s LAPSWebUI versions before 2.4: local administrator passwords are cached by web browsers because the server responses carry no Cache-Control HTTP header.

Specifically, the GET /Home/Password endpoint returns HTML containing local admin passwords without instructing browsers or proxies not to cache this data. As a result, browsers such as Mozilla Firefox store these passwords on the local disk, where an attacker with access to the workstation can read them.

This vulnerability allows an attacker who can access a workstation to escalate their privileges by retrieving cached local admin passwords.

Impact Analysis

The vulnerability can lead to privilege escalation on affected systems.

An attacker with access to a workstation can retrieve cached local administrator passwords from the browser cache, allowing them to gain higher privileges than originally permitted.

This increases the risk of unauthorized administrative access, potentially compromising system security and sensitive data.


Detection Guidance

This vulnerability can be detected by checking if the HTTP responses from the LAPSWebUI server, specifically the GET /Home/Password endpoint, lack the Cache-Control header that prevents caching of sensitive data.

You can inspect the HTTP headers returned by the server using command-line tools such as curl or wget.

  • Use curl to check headers: curl -I https://<lapswebui-server>/Home/Password
  • Look for the absence of the Cache-Control header or presence of headers that allow caching.
  • Additionally, check browser cache directories (e.g., Firefox cache on Linux) for cached password data related to LAPSWebUI.

Mitigation Strategies

The primary mitigation is to upgrade Truesec’s LAPSWebUI to version 2.4 or later, which fixes the issue by preventing caching of sensitive password pages.

If immediate upgrade is not possible, configure your web server to include the HTTP header: Cache-Control: no-store on the sensitive endpoints such as /Home/Password to prevent browsers and proxies from caching the passwords.

Also, restrict physical and local access to workstations to reduce the risk of attackers accessing cached passwords.
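As an added example (not code from this advisory or from Truesec), the header check from Detection Guidance in executable form, together with the hardened header set from Mitigation Strategies: it parses a raw response as printed by curl and reports whether the page may still be stored by a browser or proxy. The sample responses and function names are constructed for illustration, not captured from a real LAPSWebUI server.

```python
from __future__ import annotations

def parse_raw_headers(raw: str) -> list[tuple[str, str]]:
    """Turn a status line plus header block (as printed by `curl -i`)
    into (name, value) pairs; status line and body are ignored."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:            # [1:] skips the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs

def cache_control_directives(headers) -> dict[str, str | None]:
    """Merge all Cache-Control headers into one lower-cased directive map."""
    directives = {}
    for name, value in headers:
        if name.lower() == "cache-control":
            for token in value.split(","):
                key, _, val = token.strip().partition("=")
                if key:
                    directives[key.lower()] = val.strip('" ') or None
    return directives

def assess_caching(headers) -> list[str]:
    """Findings for a page that carries secrets; [] means the response may
    not be stored. Per RFC 9111 only no-store forbids storage: no-cache,
    private and a past Expires still let a browser write the body to disk."""
    cc = cache_control_directives(headers)
    if "no-store" in cc:
        return []
    findings = ["Cache-Control header missing (CWE-525)" if not cc
                else "Cache-Control lacks no-store: " + ", ".join(cc)]
    max_age = cc.get("max-age") or "0"
    if "public" in cc or (max_age.isdigit() and int(max_age) > 0):
        findings.append("response explicitly allows shared or timed caching")
    if any(n.lower() == "pragma" and "no-cache" in v.lower() for n, v in headers):
        findings.append("Pragma: no-cache alone does not stop disk caching")
    return findings

# Constructed samples (not captures from a real LAPSWebUI server).
VULNERABLE_RESPONSE = "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<html>secret</html>"
HARDENED_RESPONSE = ("HTTP/1.1 200 OK\nContent-Type: text/html\n"
                     "Cache-Control: no-store, max-age=0\nPragma: no-cache\n\n<html>secret</html>")

if __name__ == "__main__":
    for label, raw in (("before fix", VULNERABLE_RESPONSE), ("after fix", HARDENED_RESPONSE)):
        print(label, assess_caching(parse_raw_headers(raw)) or ["OK: not cacheable"])
```

Feed it the output of `curl -i` from an authenticated session rather than `curl -I`: `-I` sends a HEAD request, and an application can set different headers on HEAD than on the GET that actually returns the password page.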
