Cyber Posture

CVE-2025-10174

High

Published: 11 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
EPSS Score: 0.0002 (4.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-10174 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Gov (inferred from references). Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks at the 4.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Sniffing (T1040) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly enforces cryptographic protection to prevent disclosure and modification of sensitive information transmitted in cleartext over adjacent networks.

prevent

Protects against flooding attacks that cause high availability impact by limiting denial-of-service effects from adjacent network attackers.

prevent

Remediates the specific software flaw in PanCafe Pro versions below 3.3.2 through 23092025 by applying vendor patches or updates.

MITRE ATT&CK Enterprise Techniques

T1040 · Network Sniffing · Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

T1498 · Network Denial of Service · Impact
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.

Why these techniques?

Cleartext sensitive data on adjacent network directly enables sniffing (T1040); explicit flooding impact enables network DoS (T1498).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 23092025.

Deeper analysis

CVE-2025-10174 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in Pan Software & Information Technologies Ltd.'s PanCafe Pro software. This issue affects PanCafe Pro versions from below 3.3.2 through 23092025 and enables Flooding. The vulnerability has a CVSS v3.1 base score of 8.3 (High), reflecting attack vector (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), low integrity impact (I:L), and high availability impact (A:H).

An adjacent network attacker can exploit CVE-2025-10174 without privileges or user interaction. Exploitation allows disclosure of sensitive information transmitted in cleartext, partial modification of data or resources (low integrity impact), and significant disruption of service through flooding (high availability impact).

The advisory at https://www.usom.gov.tr/bildirim/tr-26-0058 provides additional details on this vulnerability.

Details

CWE(s)

Affected Products

Gov
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-70048 · Shared CWE-319
CVE-2025-0556 · Shared CWE-319
CVE-2026-30795 · Shared CWE-319
CVE-2024-44276 · Shared CWE-319
CVE-2026-22271 · Shared CWE-319
CVE-2026-23661 · Shared CWE-319
CVE-2025-13718 · Shared CWE-319
CVE-2025-69272 · Shared CWE-319
CVE-2026-32838 · Shared CWE-319
CVE-2025-67159 · Shared CWE-319
