PT-2025-32219 · Unknown · Vedo Suite

Davide Reggiani

+2

·

Publicado

2025-08-06

·

Atualizado

2025-08-06

·

CVE-2025-51055

CVSS v3.1

8.6

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Vedo Suite version 2024.17
Description The application stores credentials in clear-text within the /api vedo/configuration/config.yml file. This file contains sensitive information, including credentials, secret keys, and database information.
Recommendations Ensure the /api vedo/configuration/config.yml file is appropriately secured to prevent unauthorized access.

Exploit

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2025-51055

Produtos afetados

Vedo Suite