CVE-2025-70048
Published: 09 March 2026
Summary
CVE-2025-70048 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Nexus Nexusinterface. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2025-70048 is a vulnerability involving CWE-319: Cleartext Transmission of Sensitive Information in Nexusoft NexusInterface version 3.2.0-beta.2. This flaw allows sensitive data to be transmitted without encryption, exposing it to interception. The vulnerability has a CVSS v3.1 base score of 7.5, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating high severity primarily due to confidentiality impact.
Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. Successful exploitation enables attackers to capture sensitive information transmitted in cleartext, potentially leading to data leakage such as credentials, personal details, or other confidential material without affecting integrity or availability.
Further details, including potential advisories or patches, can be found in the provided references: https://gist.github.com/zcxlighthouse/ae89b0542ef3e39cd6dcac9d529c2c69, https://github.com/Nexusoft, and https://github.com/Nexusoft/NexusInterface. Security practitioners should review these sources for mitigation guidance specific to NexusInterface deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208427
Vulnerability details
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Cleartext transmission (CWE-319) directly enables passive network interception of credentials/sensitive data, mapping to Network Sniffing.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires protection of the confidentiality of transmitted sensitive information, prohibiting cleartext transmission that enables interception in NexusInterface.
Mandates cryptographic mechanisms to protect confidentiality of information transmitted across untrusted networks, comprehensively mitigating the cleartext exposure in this CVE.
Implements cryptographic protections to prevent unauthorized disclosure of sensitive information during transmission, addressing the core flaw of unencrypted data flows.