{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5922", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2025-06-09T14:00:25.264Z", "datePublished": "2025-07-29T16:54:43.730Z", "dateUpdated": "2025-07-29T18:27:35.763Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["AdminTool"], "platforms": ["Windows"], "product": "TSplus Remote Access", "vendor": "TSplus", "versions": [{"lessThan": "v18.40.6.17", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "v17.2025.6.27", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "v16.2025.6.27", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Micha\u0142 Walkowski, PhD"}], "datePublic": "2025-07-29T16:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Access to TSplus Remote Access Admin Tool&nbsp;is restricted to administrators (unless \"Disable UAC\" option is enabled) and requires a PIN code. In versions<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span><span style=\"background-color: rgb(252, 252, 252);\">below&nbsp;v18.40.6.17&nbsp;t</span>he PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted.<br>LTS (Long-Term Support) versions also received patches in&nbsp;v17.2025.6.27 and&nbsp;v16.2025.6.27 releases."}], "value": "Access to TSplus Remote Access Admin Tool\u00a0is restricted to administrators (unless \"Disable UAC\" option is enabled) and requires a PIN code. In versions\u00a0below\u00a0v18.40.6.17\u00a0the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted.\nLTS (Long-Term Support) versions also received patches in\u00a0v17.2025.6.27 and\u00a0v16.2025.6.27 releases."}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-759", "description": "CWE-759 Use of a One-Way Hash without a Salt", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-07-29T16:54:43.730Z"}, "references": [{"url": "https://cert.pl/en/posts/2025/07/CVE-2025-5922"}], "source": {"discovery": "EXTERNAL"}, "title": "Retrievable password hash protecting TSplus admin console", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T18:09:49.942871Z", "id": "CVE-2025-5922", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T18:27:35.763Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5922", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-29T18:09:49.942871Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T18:27:29.861Z"}}], "cna": {"title": "Retrievable password hash protecting TSplus admin console", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Micha\u0142 Walkowski, PhD"}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TSplus", "modules": ["AdminTool"], "product": "TSplus Remote Access", "versions": [{"status": "affected", "version": "0", "lessThan": "v18.40.6.17", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "v17.2025.6.27", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "v16.2025.6.27", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2025-07-29T16:54:00.000Z", "references": [{"url": "https://cert.pl/en/posts/2025/07/CVE-2025-5922"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Access to TSplus Remote Access Admin Tool\u00a0is restricted to administrators (unless \"Disable UAC\" option is enabled) and requires a PIN code. In versions\u00a0below\u00a0v18.40.6.17\u00a0the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted.\nLTS (Long-Term Support) versions also received patches in\u00a0v17.2025.6.27 and\u00a0v16.2025.6.27 releases.", "supportingMedia": [{"type": "text/html", "value": "Access to TSplus Remote Access Admin Tool&nbsp;is restricted to administrators (unless \"Disable UAC\" option is enabled) and requires a PIN code. In versions<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span><span style=\"background-color: rgb(252, 252, 252);\">below&nbsp;v18.40.6.17&nbsp;t</span>he PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted.<br>LTS (Long-Term Support) versions also received patches in&nbsp;v17.2025.6.27 and&nbsp;v16.2025.6.27 releases.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-759", "description": "CWE-759 Use of a One-Way Hash without a Salt"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-07-29T16:54:43.730Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5922", "state": "PUBLISHED", "dateUpdated": "2025-07-29T18:27:35.763Z", "dateReserved": "2025-06-09T14:00:25.264Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2025-07-29T16:54:43.730Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Access to TSplus Remote Access Admin Tool\u00a0is restricted to administrators (unless \"Disable UAC\" option is enabled) and requires a PIN code. In versions\u00a0below\u00a0v18.40.6.17\u00a0the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted.\nLTS (Long-Term Support) versions also received patches in\u00a0v17.2025.6.27 and\u00a0v16.2025.6.27 releases."}, {"lang": "es", "value": "El acceso a TSplus Remote Access Admin Tool est\u00e1 restringido a administradores (a menos que la opci\u00f3n \"Desactivar UAC\" est\u00e9 habilitada) y requiere un c\u00f3digo PIN. En versiones anteriores a la v18.40.6.17, el hash del PIN se almacena en un registro del sistema accesible para usuarios normales, lo que permite realizar un ataque de fuerza bruta mediante tablas Rainbow, ya que el hash no est\u00e1 protegido con sal. Las versiones LTS (soporte a largo plazo) tambi\u00e9n recibieron parches en las versiones v17.2025.6.27 y v16.2025.6.27."}], "id": "CVE-2025-5922", "lastModified": "2025-07-31T18:42:56.503", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2025-07-29T17:15:33.823", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2025/07/CVE-2025-5922"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-759"}], "source": "cvd@cert.pl", "type": "Primary"}]}

{}