CVE-2026-25601

Name of the Vulnerable Software and Affected Versions MEPIS RM (affected versions not specified)

Description A security issue was found in MEPIS RM, an industrial software product by Metronik. The software includes a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords is enabled, this key is used to encrypt user passwords before they are stored in the application’s database. An attacker with the necessary privileges to access the database could extract the encrypted passwords, decrypt them using the embedded key, and gain unauthorized access to the associated ICS/OT environment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.