Cyber Resilience

CVE-2025-58741

High

Published: 20 January 2026

Published
20 January 2026
Modified
10 February 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0017 6.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-58741 is a high-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Milner Imagedirector Capture. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 6.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-58741, published on 2026-01-20, is an Insufficiently Protected Credentials vulnerability (CWE-522) in the Credential Field of Milner ImageDirector Capture. This issue affects versions from 7.0.9 through 7.6.3.25808. The vulnerability enables retrieval of credential material, which can be leveraged for unauthorized database access. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity.

A remote network attacker requires no privileges, authentication, or user interaction to exploit this vulnerability. By targeting the Credential Field, the attacker can extract stored credentials, enabling subsequent unauthorized access to the connected database and potential exposure of sensitive data.

Mitigation details are available in the advisory at https://sra.io/advisories.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Direct exposure of insufficiently protected application credentials (CWE-522) enables retrieval without authentication, matching T1552 Unsecured Credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33575Shared CWE-522
CVE-2026-7313Shared CWE-522
CVE-2026-7312Shared CWE-522
CVE-2025-26492Shared CWE-522
CVE-2025-58743Same product: Milner Imagedirector Capture
CVE-2025-58744Same product: Milner Imagedirector Capture
CVE-2026-35467Shared CWE-522
CVE-2025-0477Shared CWE-522
CVE-2020-37097Shared CWE-522
CVE-2026-20791Shared CWE-522

Affected Assets

milner
imagedirector capture
7.0.9 — 7.6.3.25808

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 mandates protection of authenticator content from unauthorized disclosure and modification, directly addressing the insufficient protection of credentials in the Credential Field.

prevent

SC-28 requires security safeguards to protect the confidentiality of information at rest, preventing remote retrieval of unprotected credential material stored in ImageDirector Capture.

prevent

AC-3 enforces approved authorizations for access to system resources, blocking unauthorized retrieval of credentials from the vulnerable Credential Field.

References