Cyber Resilience

CVE-2025-26849

Medium · Public PoC

Published: 04 March 2025

Modified: 07 July 2025
KEV Added:
Patch:
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
EPSS Score: 0.0015 (35.4th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-26849 is a medium-severity Use of Default Cryptographic Key (CWE-1394) vulnerability in Docusnap. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks at the 35.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

There is a hard-coded cryptographic key in Docusnap 13.0.1440.24261 and in earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.

CWE(s)

CWE-1394 (Use of Default Cryptographic Key)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: docusnap
Product: docusnap
Affected versions: ≤ 13.0.1440.24261

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
