PT-2026-25677 · Truesec · Lapswebui
Published
2026-03-16
·
Updated
2026-03-16
·
CVE-2025-15554
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Truesec’s LAPSWebUI versions prior to 2.4
Description
The software stores Local Admin Password Solution (LAPS) passwords in the browser cache. An attacker gaining access to a workstation can potentially elevate their privileges by obtaining these disclosed local administrator passwords.
Recommendations
Update Truesec’s LAPSWebUI to version 2.4 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lapswebui