PT-2026-25675 · Truesec · Lapswebui
Published
2026-03-16
·
Updated
2026-03-16
·
CVE-2025-15552
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Truesec’s LAPSWebUI versions prior to 2.4
Description
A flaw exists in Truesec’s LAPSWebUI that relates to insufficient session expiration. An attacker gaining access to a workstation may be able to elevate their privileges through the disclosure of a local administrator password.
Recommendations
Update Truesec’s LAPSWebUI to version 2.4 or later.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lapswebui