CVE-2026-25601

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,4

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Attack Vector: local

Attack Complexity: high

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

A vulnerability was identified in MEPIS RM, an industrial
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the application’s database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.

798

Use of Hard-coded Credentials

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Other

Potential Impacts:

Bypass Protection Mechanism Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Other

Applicable Platforms

Technologies: Mobile, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.cert.si/en/cve-2026-25601/

CVE-2026-25601

Description

Use of Hard-coded Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter