CVE-2025-15553
Published: 16 March 2026
Summary
CVE-2025-15553 is a medium-severity Insufficient Session Expiration (CWE-613) vulnerability in Truesec Lapswebui. Its CVSS base score is 6.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-12 (Session Termination) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-15553 affects Truesec’s LAPSWebUI in versions prior to 2.4, where the logout functionality fails to operate correctly. This vulnerability, tracked under CWE-613 (Insufficient Session Expiration), enables privilege escalation by disclosing local administrator passwords. It carries a CVSS v3.1 base score of 7.1, reflecting local vector access (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality and integrity impacts (C:H/I:H), and no availability impact (A:N). The issue was published on 2026-03-16.
An attacker with physical or logical access to an affected workstation and possessing low-level privileges can exploit the broken logout mechanism. By leveraging this flaw with low complexity and no need for user interaction, the attacker can disclose the local admin password, enabling privilege escalation on the system.
The advisory from Reversec Labs at https://labs.reversec.com/advisories/2026/03/insecure-logout-functionality-in-truesec-lapswebui provides details on the vulnerability. Mitigation requires upgrading to LAPSWebUI version 2.4 or later, which addresses the logout functionality issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208693
Vulnerability details
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Broken session expiration in LAPS password UI directly enables local credential disclosure (T1552) leading to privilege escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires automatic or explicit session termination (logout) to invalidate access to LAPSWebUI and the disclosed local admin passwords.
Enforces access decisions based on current authenticated session state, blocking continued use of an unterminated session to retrieve passwords.
Requires re-authentication before sensitive operations such as password disclosure, mitigating the impact of a stale session left by broken logout.