Cyber Resilience

CVE-2025-15552

Severity: Medium
Published: 16 March 2026
Modified: 20 April 2026
KEV added: not listed
Patch: upgrade to LAPSWebUI 2.4 or later
CVSS v4 score: 6.0 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0002 (4.8th percentile)
Risk priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-15552 is a medium-severity Insufficient Session Expiration (CWE-613) vulnerability in Truesec LAPSWebUI. Its CVSS v4 base score is 6.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE ranks at the 4.8th percentile by exploit likelihood (EPSS), well below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-12 (Session Termination) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-15552 is an Insufficient Session Expiration vulnerability (CWE-613) in Truesec’s LAPSWebUI prior to version 2.4. Published on 2026-03-16T14:17:56.130, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw stems from sessions that do not expire properly, enabling unauthorized access to sensitive credentials within the LAPS (Local Administrator Password Solution) web interface.

A local attacker with access to an affected workstation and low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation allows disclosure of the local administrator password, resulting in privilege escalation and high impacts on confidentiality, integrity, and availability.

The advisory at https://labs.reversec.com/advisories/2026/03/long-session-lifetime-in-truesec-lapswebui provides details on the issue, with mitigation achieved by upgrading to LAPSWebUI version 2.4 or later.


Vulnerability details

Insufficient Session Expiration in Truesec's LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of the local administrator password.

CWE(s)

CWE-613 Insufficient Session Expiration

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

- T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
- T1078.003 Local Accounts (Stealth): Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

Insufficient session expiration directly exposes LAPS credentials (T1552), enabling a local, low-privileged attacker to obtain the local administrator password and escalate privileges (T1068, T1078.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-15553 (same product: Truesec Lapswebui)
- CVE-2025-15554 (same product: Truesec Lapswebui)
- CVE-2026-41133 (shared CWE-613)
- CVE-2026-24669 (shared CWE-613)
- CVE-2024-33507 (shared CWE-613)
- CVE-2026-25476 (shared CWE-613)
- CVE-2026-24912 (shared CWE-613)
- CVE-2026-41902 (shared CWE-613)
- CVE-2026-34828 (shared CWE-613)
- CVE-2024-45033 (shared CWE-613)

Affected Assets

Vendor: truesec
Product: lapswebui
Versions: ≤ 2.4 (the advisory text describes releases prior to 2.4 as affected, with 2.4 as the fixed release)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

AC-12 Session Termination (prevent)

Directly addresses insufficient session expiration by enforcing automatic termination of user sessions after defined inactivity periods, preventing unauthorized access to persistent LAPSWebUI sessions.
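The AC-12 control above comes down to a server-side check that every request must pass: a session is live only while it is both recently used and younger than a hard cap, and logging out must kill it regardless of time. The following is an added illustration written for this page, not LAPSWebUI's own code; the 15-minute idle timeout, 8-hour absolute lifetime, and the user name are hypothetical values chosen for the demonstration, and the clock is passed in explicitly so the expiry paths can be exercised deterministically.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Hypothetical policy values; the real product's defaults are not on the page.
IDLE_TIMEOUT = timedelta(minutes=15)
ABSOLUTE_LIFETIME = timedelta(hours=8)


@dataclass
class Session:
    user: str
    created_at: datetime   # drives the absolute lifetime cap
    last_seen: datetime    # drives the inactivity timeout
    revoked: bool = False  # set by logout or administrative revocation


class SessionStore:
    """Server-side session table that enforces idle, absolute and revoked states."""

    def __init__(self, idle_timeout: timedelta = IDLE_TIMEOUT,
                 absolute_lifetime: timedelta = ABSOLUTE_LIFETIME) -> None:
        self.idle_timeout = idle_timeout
        self.absolute_lifetime = absolute_lifetime
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, now: datetime) -> str:
        # 256-bit random opaque token; expiry lives on the server, not in the token.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user=user, created_at=now, last_seen=now)
        return token

    def status(self, token: str, now: datetime) -> str:
        """Classify a token without side effects."""
        s = self._sessions.get(token)
        if s is None:
            return "unknown"
        if s.revoked:
            return "revoked"
        if now - s.created_at > self.absolute_lifetime:
            return "lifetime_expired"
        if now - s.last_seen > self.idle_timeout:
            return "idle_expired"
        return "valid"

    def validate(self, token: str, now: datetime) -> Optional[str]:
        """Return the user for a live session, else None.

        Dead sessions are purged so a later request with the same token
        cannot revive them; activity extends the idle window only, never
        the absolute cap."""
        if self.status(token, now) != "valid":
            self._sessions.pop(token, None)
            return None
        s = self._sessions[token]
        s.last_seen = now
        return s.user

    def revoke(self, token: str) -> None:
        s = self._sessions.get(token)
        if s is not None:
            s.revoked = True


def demo() -> dict:
    """Walk constructed sessions through each expiry path with a fixed clock."""
    t0 = datetime(2026, 3, 16, 14, 0, tzinfo=timezone.utc)  # constructed start time
    store = SessionStore()
    out = {}

    # Idle path: one request at +5 min, then silence past the idle timeout.
    tok = store.create("helpdesk", t0)
    out["fresh"] = store.validate(tok, t0 + timedelta(minutes=5))
    out["idle_status"] = store.status(tok, t0 + timedelta(minutes=21))
    out["idle_validate"] = store.validate(tok, t0 + timedelta(minutes=21))
    out["after_purge"] = store.status(tok, t0 + timedelta(minutes=22))

    # Absolute path: activity every 10 minutes still ends at the hard cap.
    tok2 = store.create("helpdesk", t0)
    first_fail = None
    for minutes in range(10, 600, 10):
        if store.validate(tok2, t0 + timedelta(minutes=minutes)) is None:
            first_fail = minutes
            break
    out["lifetime_first_fail_minutes"] = first_fail

    # Revocation path: logout invalidates immediately, whatever the clock says.
    tok3 = store.create("helpdesk", t0)
    store.revoke(tok3)
    out["revoked_status"] = store.status(tok3, t0 + timedelta(seconds=1))
    out["revoked_validate"] = store.validate(tok3, t0 + timedelta(seconds=1))
    return out


if __name__ == "__main__":
    print(demo())
```

The point of keeping both timers is that neither alone closes the gap the advisory describes: an idle timeout is defeated by a page that polls in the background, and an absolute lifetime alone still leaves an abandoned workstation exposed for hours. Checking `status` before every credential read, and purging rather than merely rejecting, means a token captured from a stale browser cannot be replayed.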

SI-2 Flaw Remediation (prevent)

Requires timely remediation of the specific flaw in LAPSWebUI prior to version 2.4 via upgrade, eliminating the vulnerability at its source.

AC-11 Device Lock (partial match, prevent)

Initiates device lock after inactivity on the workstation, blocking local attackers from accessing and exploiting non-expired sessions in the web UI.
