Cyber Resilience

CVE-2025-22896

Critical

Published: 13 February 2025

Published
13 February 2025
Modified
04 March 2025
KEV Added
Patch
CVSS Score v4 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.3743 97.3th percentile
Risk Priority 41 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22896 is a critical-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Myscada Mypro. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked in the top 2.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2025-22896 affects mySCADA myPRO Manager and stems from storage of credentials in cleartext, a weakness indexed as CWE-312. The flaw received a CVSS 4.0 score of 9.2, reflecting network-accessible exposure with no required authentication or user interaction and high impact on confidentiality.

An unauthenticated attacker can retrieve the stored credentials over the network, obtaining sensitive authentication material that may enable further access to the affected industrial control system deployment. The vulnerability can be reached without any prior privileges, allowing direct extraction of the cleartext values.

CISA has published ICS advisory ICSA-25-044-16 that addresses the issue, and mySCADA provides product downloads and contact channels for obtaining remediation guidance. The associated EPSS score has reached a peak of 0.4591 with a current value of 0.3743.

EU & UK References

Vulnerability details

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

The vulnerability involves cleartext storage of credentials (CWE-312), directly enabling extraction of unsecured credentials from files without additional protections or complexity.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24865Same product: Myscada Mypro
CVE-2025-25067Same product: Myscada Mypro
CVE-2019-25279Shared CWE-312
CVE-2025-26495Shared CWE-312
CVE-2025-12774Shared CWE-312
CVE-2024-55027Shared CWE-312
CVE-2024-23942Shared CWE-312
CVE-2026-27520Shared CWE-312
CVE-2026-8596Shared CWE-312
CVE-2026-34833Shared CWE-312

Affected Assets

myscada
mypro
≤ 1.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 requires protecting authenticator content from unauthorized disclosure and modification, directly preventing cleartext storage of credentials.

prevent

SC-28 mandates cryptographic mechanisms to protect sensitive information at rest, comprehensively mitigating cleartext credential storage.

prevent

SI-2 ensures timely identification, reporting, and correction of system flaws like cleartext credential storage vulnerabilities.

References