CVE-2025-58741
Published: 20 January 2026
Summary
CVE-2025-58741 is a high-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Milner Imagedirector Capture. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 6.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2025-58741, published on 2026-01-20, is an Insufficiently Protected Credentials vulnerability (CWE-522) in the Credential Field of Milner ImageDirector Capture. This issue affects versions from 7.0.9 through 7.6.3.25808. The vulnerability enables retrieval of credential material, which can be leveraged for unauthorized database access. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity.
A remote network attacker requires no privileges, authentication, or user interaction to exploit this vulnerability. By targeting the Credential Field, the attacker can extract stored credentials, enabling subsequent unauthorized access to the connected database and potential exposure of sensitive data.
Mitigation details are available in the advisory at https://sra.io/advisories.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206310
Vulnerability details
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct exposure of insufficiently protected application credentials (CWE-522) enables retrieval without authentication, matching T1552 Unsecured Credentials.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
IA-5 mandates protection of authenticator content from unauthorized disclosure and modification, directly addressing the insufficient protection of credentials in the Credential Field.
SC-28 requires security safeguards to protect the confidentiality of information at rest, preventing remote retrieval of unprotected credential material stored in ImageDirector Capture.
AC-3 enforces approved authorizations for access to system resources, blocking unauthorized retrieval of credentials from the vulnerable Credential Field.