CVE-2025-15554
Published: 16 March 2026
Summary
CVE-2025-15554 is a Use of Web Browser Cache Containing Sensitive Information (CWE-525) vulnerability in Truesec LAPSWebUI. Severity ratings differ by source: this page's aggregate CVSS base score is 6.0 (Medium), while the CVSS v3.1 vector given in the analysis below (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) scores 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique T1552.001 (Unsecured Credentials: Credentials In Files). The CVE is ranked at the 5.5th percentile by exploit likelihood (well below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-11 (Device Lock) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2025-15554 is a vulnerability in Truesec's LAPSWebUI prior to version 2.4 that allows the browser to cache pages containing Local Administrator Password Solution (LAPS) passwords. Because the cached copy lives in the browser profile on disk, an attacker who can read that profile recovers local administrator passwords and escalates privileges with them. The issue is classified under CWE-525 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): local access and low privileges are required, no user interaction is needed, and the impact on confidentiality, integrity and availability is high.
An attacker with physical or logical access to a workstation on which the affected LAPSWebUI has been used can exploit this without any user interaction. Reading the browser's cache or storage yields LAPS passwords for local administrator accounts, which grant full administrative control of the target system. The exposure outlives the browsing session: the cached password stays available until the cache is cleared or overwritten, so a workstation that is later used by someone else, or whose profile directory is copied, still leaks it. This is particularly relevant in environments where LAPSWebUI is used for password management across many workstations.
The Reversec Labs advisory (https://labs.reversec.com/advisories/2026/03/admin-passwords-cached-by-browsers-in-truesec-lapswebui) recommends upgrading to LAPSWebUI version 2.4 or later, which addresses the caching issue. Upgrading does not remove copies already written to disk, so security practitioners should also clear the browser caches on workstations that used earlier versions, consider rotating LAPS passwords that were viewed from those workstations, and monitor them for unauthorized access.
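Whether a web UI's responses can end up in the browser cache is decided by their caching headers. The Python below is an added example for this page, not LAPSWebUI's own code: it classifies a set of response headers against the CWE-525 condition (may the browser write this body to disk?) and shows the header set a page that renders a secret should send. Both sample header sets are constructed, and the idea that the version 2.4 fix works through such headers is an assumption; the advisory text on this page does not say how the fix is implemented.

```python
"""CWE-525 check: does an HTTP response let the browser write sensitive
content (such as a rendered LAPS password) to its on-disk cache?

Added example for this page; it is not LAPSWebUI code and the sample header
sets below are constructed, not captured from any LAPSWebUI version.
"""
from __future__ import annotations

import urllib.request
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class CacheVerdict:
    cacheable: bool  # True when a browser may persist the body to disk
    findings: List[str] = field(default_factory=list)


def _cache_control_directives(value: str) -> Set[str]:
    """Split 'private, max-age=600' into {'private', 'max-age=600'} (lower-cased)."""
    return {d.strip().lower() for d in value.split(",") if d.strip()}


def assess_caching(headers: Dict[str, str]) -> CacheVerdict:
    """Evaluate response headers the way a browser cache does.

    Only `Cache-Control: no-store` reliably prevents a browser from writing the
    response to disk. `no-cache` merely forces revalidation before reuse, and
    `private` only keeps shared (proxy) caches out; both still leave a copy in
    the user's profile, which is exactly the CWE-525 condition.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    directives = _cache_control_directives(lower.get("cache-control", ""))
    findings: List[str] = []

    if "no-store" not in directives:
        findings.append("Cache-Control lacks no-store; the body may be written to disk")
    if "no-cache" in directives and "no-store" not in directives:
        findings.append("no-cache only forces revalidation; it does not prevent storage")
    if "private" in directives and "no-store" not in directives:
        findings.append("private only excludes shared caches; the browser cache still stores it")
    if any(d.startswith("max-age=") and d != "max-age=0" for d in directives):
        findings.append("a non-zero max-age permits reuse without contacting the server")
    expires = lower.get("expires")
    if expires and expires.strip() not in ("0", "-1") and "no-store" not in directives:
        findings.append(f"Expires is set ({expires}) without no-store")

    return CacheVerdict(cacheable="no-store" not in directives, findings=findings)


def hardened_headers() -> Dict[str, str]:
    """Header set a page that renders a secret should send (generic CWE-525 fix)."""
    return {
        "Cache-Control": "no-store, max-age=0",
        "Pragma": "no-cache",  # for HTTP/1.0 intermediaries
        "Expires": "0",
    }


def check_url(url: str) -> CacheVerdict:
    """Fetch a live page and assess it (needs network; not used by the offline samples)."""
    with urllib.request.urlopen(url) as resp:
        return assess_caching(dict(resp.headers))


# Constructed samples (not captured from LAPSWebUI):
WEAK_HEADERS = {"Content-Type": "text/html", "Cache-Control": "private, max-age=600"}
SAFE_HEADERS = {"Content-Type": "text/html", **hardened_headers()}


if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", SAFE_HEADERS)):
        verdict = assess_caching(hdrs)
        print(f"{name}: cacheable={verdict.cacheable}")
        for finding in verdict.findings:
            print("  -", finding)
```

Run it against a real deployment with `check_url("https://<your-lapswebui-host>/<password-page>")` after upgrading: a verdict of `cacheable=False` on the page that displays the password is what you want to see, and any `private` or `no-cache` only result means the password can still land in the profile directory.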
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208695
Vulnerability details
Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.
- CWE-525: Use of Web Browser Cache Containing Sensitive Information
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1552.001 Unsecured Credentials: Credentials In Files
Why these techniques?
The vulnerability causes LAPS passwords to be stored in the browser cache (local files), directly enabling retrieval of unsecured credentials (T1552.001) and subsequent privilege escalation with the valid local administrator accounts they unlock.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the browser caching vulnerability in LAPSWebUI by identifying, reporting, and correcting the flaw through a timely upgrade to version 2.4 or later.
- IA-5 (Authenticator Management): mandates protection of LAPS passwords as authenticators against unauthorized disclosure, preventing their insecure caching and extraction from browser storage.
- AC-11 (Device Lock): enforces automatic workstation locking after inactivity, blocking local attackers from reaching unlocked browsers that hold cached LAPS credentials.