CVE-2025-15554 | THREATINT

Description

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.

PUBLISHED Reserved 2026-02-02 | Published 2026-03-16 | Updated 2026-03-16 | Assigner NCSC-FI

MEDIUM: 6.0CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-525 Use of web browser cache containing sensitive information

Product status

Default status

unaffected

Any version before 2.4

affected

2.4 (maven)

unaffected

Credits

Laban Sköllermark at Reversec Sweden AB finder

References

labs.reversec.com/...cached-by-browsers-in-truesec-lapswebui

cve.org (CVE-2025-15554)

nvd.nist.gov (CVE-2025-15554)

Download JSON