Cyber Resilience

CVE-2025-15553

Medium

Published: 16 March 2026

Published
16 March 2026
Modified
20 April 2026
KEV Added
Patch
CVSS Score v4 6.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 4.4th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15553 is a medium-severity Insufficient Session Expiration (CWE-613) vulnerability in Truesec Lapswebui. Its CVSS base score is 6.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-12 (Session Termination) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-15553 affects Truesec’s LAPSWebUI in versions prior to 2.4, where the logout functionality fails to operate correctly. This vulnerability, tracked under CWE-613 (Insufficient Session Expiration), enables privilege escalation by disclosing local administrator passwords. It carries a CVSS v3.1 base score of 7.1, reflecting local vector access (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality and integrity impacts (C:H/I:H), and no availability impact (A:N). The issue was published on 2026-03-16.

An attacker with physical or logical access to an affected workstation and possessing low-level privileges can exploit the broken logout mechanism. By leveraging this flaw with low complexity and no need for user interaction, the attacker can disclose the local admin password, enabling privilege escalation on the system.

The advisory from Reversec Labs at https://labs.reversec.com/advisories/2026/03/insecure-logout-functionality-in-truesec-lapswebui provides details on the vulnerability. Mitigation requires upgrading to LAPSWebUI version 2.4 or later, which addresses the logout functionality issue.

EU & UK References

Vulnerability details

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Broken session expiration in LAPS password UI directly enables local credential disclosure (T1552) leading to privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15552Same product: Truesec Lapswebui
CVE-2025-15554Same product: Truesec Lapswebui
CVE-2026-41133Shared CWE-613
CVE-2024-33507Shared CWE-613
CVE-2026-25476Shared CWE-613
CVE-2026-24912Shared CWE-613
CVE-2026-41902Shared CWE-613
CVE-2026-34828Shared CWE-613
CVE-2024-45033Shared CWE-613
CVE-2026-32663Shared CWE-613

Affected Assets

truesec
lapswebui
≤ 2.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires automatic or explicit session termination (logout) to invalidate access to LAPSWebUI and the disclosed local admin passwords.

prevent

Enforces access decisions based on current authenticated session state, blocking continued use of an unterminated session to retrieve passwords.

prevent

Requires re-authentication before sensitive operations such as password disclosure, mitigating the impact of a stale session left by broken logout.

References