Unrated severityNVD Advisory· Published May 19, 2025· Updated Sep 3, 2025

Hardcoded Key Revealed in ConnectWise Password Encryption Utility

CVE-2025-4876

Description

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Connectwise/Risk Assessmentllm-create2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions prior to deprecation (July 2023)

Patches

Vulnerability mechanics

References

github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000