CVE-2025-58744
Published: 20 January 2026
Summary
CVE-2025-58744 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Milner Imagedirector Capture. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 6.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Policy and procedures prohibit hard-coded credentials in favor of managed authentication.
Changing default authenticators prior to first use and protecting content prevents use of hard-coded credentials.
Strategy enforces supplier requirements and code reviews that reduce hard-coded credentials introduced through acquired products.
Requiring security functional requirements and acceptance criteria allows contracts to prohibit hard-coded credentials in delivered systems or components.
Known vulnerabilities section of admin docs covers hard-coded credentials and how to replace them, limiting their use in deployments.
Enables users to notice when hard-coded credentials have been exploited for unauthorized access.
Security training explicitly warns against hard-coded credentials, lowering their use in systems.
Mandates replacement of default credentials during secure configuration and provisioning procedures.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hard-coded key enables remote decryption and access to sensitive local archive files, directly facilitating data collection from the system.
NVD Description
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
Deeper analysisAI
CVE-2025-58744, published on 2026-01-20, is a Use of Default Credentials and Hard-coded Credentials vulnerability (CWE-798, CWE-1392) in the C2SGlobalSettings.dll component of Milner ImageDirector Capture on Windows. The flaw allows decryption of document archive files using credentials decrypted with a hard-coded application encryption key. It affects ImageDirector Capture versions from 7.0.9.0 before 7.6.3.25808 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants access to decrypt sensitive document archive files, leading to high confidentiality impact without affecting integrity or availability.
Mitigation involves upgrading to ImageDirector Capture version 7.6.3.25808 or later. Additional details are available in the advisory at https://sra.io/advisories.
Details
- CWE(s)