CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66910_report.md	Exploit Third Party Advisory
https://github.com/turms-im/turms	Product
https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/bo/AdminInfo.java#L34	Product
https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/service/BaseAdminService.java#L237	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:turms-im:turms:0.10.0-snapshot:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-12-19 15:15

Updated : 2026-01-02 19:50

NVD link : CVE-2025-66910

Mitre link : CVE-2025-66910

CVE.ORG link : CVE-2025-66910

JSON object : View

Products Affected

turms-im

turms

CWE

CWE-256

Plaintext Storage of a Password

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2025-66910", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2025-12-19T15:15:56.790", "references": [{"url": "https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66910_report.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/turms-im/turms", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/bo/AdminInfo.java#L34", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/service/BaseAdminService.java#L237", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-256"}, {"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection."}], "lastModified": "2026-01-02T19:50:30.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:turms-im:turms:0.10.0-snapshot:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9466432E-2863-4A5B-913F-E6E64090F60B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}