Cyber Posture

CVE-2025-70041

Critical

Published: 11 March 2026

Published
11 March 2026
Modified
10 May 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 18.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70041 is a critical-severity Use of Hard-coded Password (CWE-259) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078); ranked at the 18.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SA-15 (Development Process, Standards, and Tools).

Threat & Defense at a Glance

What attackers do: exploitation maps to Valid Accounts (T1078) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match
prevent

IA-5 requires proper management of authenticators including prohibiting hard-coded passwords through secure distribution, rotation, and protection to prevent unauthorized access.

SA-15 Development Process, Standards, and Tools good match
prevent

SA-15 mandates developer use of standards, tools, and processes such as secure coding practices and code reviews that prohibit embedding hard-coded passwords in software like ThermaKube.

SI-2 Flaw Remediation good match
detectrespondrecover

SI-2 ensures flaws like the hard-coded password in CVE-2025-70041 are identified, prioritized, and remediated promptly to mitigate exploitation risks.

MITRE ATT&CK Enterprise TechniquesAI

T1078 Valid Accounts Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Hard-coded password directly enables use of valid accounts for remote unauthorized access (T1078) to a publicly exposed application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master.

Deeper analysisAI

CVE-2025-70041, published on 2026-03-11, involves a use of hard-coded password issue (CWE-259) discovered in the master branch of oslabs-beta ThermaKube. This vulnerability affects the ThermaKube software component developed by oslabs-beta, earning a critical CVSS v3.1 base score of 9.8 due to its severe impact potential.

The vulnerability enables exploitation over the network (AV:N) with low complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and without changing scope (S:U). Attackers can achieve high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H), potentially allowing unauthorized access to sensitive functions, data exfiltration, system modification, or denial of service on affected ThermaKube instances.

References for further details include a GitHub Gist at https://gist.github.com/zcxlighthouse/cbd6fd6ca486460573e0611ee547f763, the oslabs-beta organization page at https://github.com/oslabs-beta, and the ThermaKube repository at https://github.com/oslabs-beta/ThermaKube. No specific mitigation steps or patches are outlined in the available CVE information.

Details

CWE(s)
CWE-259

CVEs Like This One

CVE-2025-11126Shared CWE-259
CVE-2025-27638Shared CWE-259
CVE-2026-7579Shared CWE-259
CVE-2025-46067Shared CWE-259
CVE-2025-59388Shared CWE-259
CVE-2025-1100Shared CWE-259
CVE-2025-2402Shared CWE-259
CVE-2025-8730Shared CWE-259
CVE-2024-48831Shared CWE-259
CVE-2025-70802Shared CWE-259

References