Cyber Resilience

CVE-2025-70048

High

Published: 09 March 2026

Published
09 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 5.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70048 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Nexus Nexusinterface. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-70048 is a vulnerability involving CWE-319: Cleartext Transmission of Sensitive Information in Nexusoft NexusInterface version 3.2.0-beta.2. This flaw allows sensitive data to be transmitted without encryption, exposing it to interception. The vulnerability has a CVSS v3.1 base score of 7.5, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating high severity primarily due to confidentiality impact.

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. Successful exploitation enables attackers to capture sensitive information transmitted in cleartext, potentially leading to data leakage such as credentials, personal details, or other confidential material without affecting integrity or availability.

Further details, including potential advisories or patches, can be found in the provided references: https://gist.github.com/zcxlighthouse/ae89b0542ef3e39cd6dcac9d529c2c69, https://github.com/Nexusoft, and https://github.com/Nexusoft/NexusInterface. Security practitioners should review these sources for mitigation guidance specific to NexusInterface deployments.

EU & UK References

Vulnerability details

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Cleartext transmission (CWE-319) directly enables passive network interception of credentials/sensitive data, mapping to Network Sniffing.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70047Same product: Nexus Nexusinterface
CVE-2026-23661Shared CWE-319
CVE-2025-13718Shared CWE-319
CVE-2024-36558Shared CWE-319
CVE-2024-44276Shared CWE-319
CVE-2025-69272Shared CWE-319
CVE-2024-42181Shared CWE-319
CVE-2026-30795Shared CWE-319
CVE-2026-30796Shared CWE-319
CVE-2025-67159Shared CWE-319

Affected Assets

nexus
nexusinterface
3.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires protection of the confidentiality of transmitted sensitive information, prohibiting cleartext transmission that enables interception in NexusInterface.

prevent

Mandates cryptographic mechanisms to protect confidentiality of information transmitted across untrusted networks, comprehensively mitigating the cleartext exposure in this CVE.

prevent

Implements cryptographic protections to prevent unauthorized disclosure of sensitive information during transmission, addressing the core flaw of unencrypted data flows.

References