PT-2025-32219 · Unknown · Vedo Suite

Davide Reggiani

+2

·

Published

2025-08-06

·

Updated

2025-08-06

·

CVE-2025-51055

CVSS v3.1

8.6

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Vedo Suite version 2024.17
Description The application stores credentials in clear-text within the /api vedo/configuration/config.yml file. This file contains sensitive information, including credentials, secret keys, and database information.
Recommendations Ensure the /api vedo/configuration/config.yml file is appropriately secured to prevent unauthorized access.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2025-51055

Affected Products

Vedo Suite