CVE-2025-57796

Severity CVSS v4.0:

Pending analysis

Type:

CWE-257 Storing Passwords in a Recoverable Format

Publication date:

28/01/2026

Last modified:

28/01/2026

Description

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

6.80

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0005.md
https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)
https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57796
https://www.explorance.com/products/blue