PT-2025-28963 · Undefined · Undefined

Cody Kretsinger · Published 2025-07-09 · Updated 2025-11-24 · CVE-2025-32874

CVSS v3.1: 7.5 High

Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kaseya Rapid Fire Tools Network Detective versions through 2.0.16.0

Description

A cryptographic implementation flaw exists in the password encryption mechanism within the EncryptionUtil class. Symmetric encryption is implemented in a deterministic and non-randomized fashion, deriving both the encryption key and the Initialization Vector (IV) from a fixed, hardcoded input using a static salt value. Identical plaintext inputs consistently produce identical ciphertext outputs, regardless of whether FIPS or non-FIPS encryption methods are used. This predictability and reversibility stem from the lack of per-operation randomness and encryption authentication.

Recommendations

Versions prior to 2.0.16.0 should be used.
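
The weakness class in the description above, shown next to a corrected form, as an added example that is not the product's code and not from the advisory's author. The fixed input, salt, PBKDF2 parameters, cipher modes, account names and function names are all assumptions constructed for illustration.

```javascript
// Added illustration. Every constant is constructed; none comes from the product.
const nodeCrypto = require('node:crypto');

const FIXED_INPUT = 'constructed-hardcoded-input';          // hypothetical fixed input
const STATIC_SALT = Buffer.from('constructed-static-salt'); // hypothetical static salt

// Weak pattern from the description: key AND IV come from fixed input + static salt,
// so every call uses the same key/IV pair and nothing authenticates the output.
function encryptDeterministic(plaintext) {
  const material = nodeCrypto.pbkdf2Sync(FIXED_INPUT, STATIC_SALT, 1000, 48, 'sha256');
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-cbc', material.subarray(0, 32), material.subarray(32, 48));
  return Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]).toString('base64');
}

// Corrected pattern: secret key supplied at runtime, fresh random nonce per
// operation, and an AES-GCM tag so tampering is detected on decryption.
function encryptRandomized(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

function decryptRandomized(key, blob) {
  const raw = Buffer.from(blob, 'base64'); // layout: nonce(12) | tag(16) | ciphertext
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag does not match the ciphertext
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Audit check for stored credential blobs: the same ciphertext under several
// accounts is the observable symptom of deterministic encryption.
function findRepeatedCiphertexts(records) {
  const byCiphertext = new Map();
  for (const { account, ciphertext } of records) {
    byCiphertext.set(ciphertext, [...(byCiphertext.get(ciphertext) || []), account]);
  }
  return [...byCiphertext.values()].filter((accounts) => accounts.length > 1);
}

// Constructed sample: two accounts share a password, one does not.
const sample = [['svc-a', 'Summer2025!'], ['svc-b', 'other-secret'], ['svc-c', 'Summer2025!']];
const demoKey = nodeCrypto.randomBytes(32);
const weak = sample.map(([account, pw]) => ({ account, ciphertext: encryptDeterministic(pw) }));
const strong = sample.map(([account, pw]) => ({ account, ciphertext: encryptRandomized(demoKey, pw) }));
console.log('deterministic repeats:', findRepeatedCiphertexts(weak));
console.log('randomized repeats:', findRepeatedCiphertexts(strong));
```
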

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Inadequate Encryption Strength

Related Identifiers

CVE-2025-32874

Affected Products

Undefined