CVE-2025-22896
Published: 13 February 2025
Summary
CVE-2025-22896 is a critical-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Myscada Mypro. Its CVSS base score is 9.2 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked in the top 2.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).
Deeper analysis
CVE-2025-22896 affects mySCADA myPRO Manager and stems from storage of credentials in cleartext, a weakness indexed as CWE-312. The flaw received a CVSS 4.0 score of 9.2, reflecting network-accessible exposure with no required authentication or user interaction and high impact on confidentiality.
An unauthenticated attacker can retrieve the stored credentials over the network, obtaining sensitive authentication material that may enable further access to the affected industrial control system deployment. The vulnerability can be reached without any prior privileges, allowing direct extraction of the cleartext values.
CISA has published ICS advisory ICSA-25-044-16 that addresses the issue, and mySCADA provides product downloads and contact channels for obtaining remediation guidance. The associated EPSS score has reached a peak of 0.4591 with a current value of 0.3743.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3040
Vulnerability details
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability involves cleartext storage of credentials (CWE-312), directly enabling extraction of unsecured credentials from files without additional protections or complexity.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
IA-5 requires protecting authenticator content from unauthorized disclosure and modification, directly preventing cleartext storage of credentials.
SC-28 mandates cryptographic mechanisms to protect sensitive information at rest, comprehensively mitigating cleartext credential storage.
SI-2 ensures timely identification, reporting, and correction of system flaws like cleartext credential storage vulnerabilities.