CVE-2025-67652

{"id": "CVE-2025-67652", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2026-01-22T23:15:50.300", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-261"}]}], "descriptions": [{"lang": "en", "value": "An attacker with access to the project file could use the exposed \ncredentials to impersonate users, escalate privileges, or gain \nunauthorized access to systems and services. The absence of robust \nencryption or secure handling mechanisms increases the likelihood of \nthis type of exploitation, leaving sensitive information more \nvulnerable."}], "lastModified": "2026-01-26T15:04:14.850", "sourceIdentifier": "ics-cert@hq.dhs.gov"}