CVE-2025-58744 (GCVE-0-2025-58744)

Vulnerability from cvelistv5 – Published: 2026-01-20 21:38 – Updated: 2026-01-21 16:14
VLAI
Title
Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture
Summary
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1392 - Use of Default Credentials
  • CWE-798 - Use of Hard-coded Credentials
Assigner
SRA
References
Impacted products
Vendor Product Version
Milner ImageDirector Capture Affected: 7.0.9.0 , < 7.6.3.25808 (semver)
Create a notification for this product.
Date Public
2026-01-20 19:00
Credits
Asa Reynolds (SRA) Rick Console (SRA)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58744",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T15:40:15.461975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T16:14:23.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "ImageDirector Capture",
          "vendor": "Milner",
          "versions": [
            {
              "lessThan": "7.6.3.25808",
              "status": "affected",
              "version": "7.0.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Asa Reynolds (SRA)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Rick Console (SRA)"
        }
      ],
      "datePublic": "2026-01-20T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u0026nbsp;C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\n\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\u003c/p\u003e"
            }
          ],
          "value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u00a0C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-191",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
            }
          ]
        },
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T21:38:02.361Z",
        "orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
        "shortName": "SRA"
      },
      "references": [
        {
          "url": "https://sra.io/advisories"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
    "assignerShortName": "SRA",
    "cveId": "CVE-2025-58744",
    "datePublished": "2026-01-20T21:38:02.361Z",
    "dateReserved": "2025-09-04T15:27:48.361Z",
    "dateUpdated": "2026-01-21T16:14:23.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-58744",
      "date": "2026-07-01",
      "epss": "0.0013",
      "percentile": "0.02941"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-58744\",\"sourceIdentifier\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"published\":\"2026-01-20T22:15:51.890\",\"lastModified\":\"2026-06-17T09:44:51.630\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of Default Credentials, Hard-coded Credentials vulnerability in\u00a0C2SGlobalSettings.dll in \\n\\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\\n\\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\"},{\"lang\":\"es\",\"value\":\"Uso de Credenciales Predeterminadas, vulnerabilidad de Credenciales Incrustadas en C2SGlobalSettings.dll en Milner ImageDirector Capture en Windows permite el descifrado de archivos de documentos archivados usando credenciales descifradas con una clave de cifrado de aplicaci\u00f3n incrustada.\\n\\nEste problema afecta a ImageDirector Capture: desde 7.0.9.0 antes de 7.6.3.25808.\"}],\"affected\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"affectedData\":[{\"vendor\":\"Milner\",\"product\":\"ImageDirector Capture\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"7.0.9.0\",\"lessThan\":\"7.6.3.25808\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-21T15:40:15.461975Z\",\"id\":\"CVE-2025-58744\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"},{\"lang\":\"en\",\"value\":\"CWE-1392\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.9\",\"versionEndExcluding\":\"7.6.3.25808\",\"matchCriteriaId\":\"8D1B57A0-F2D5-41A7-BA72-4F2FE59FF416\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://sra.io/advisories\",\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58744\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-21T15:40:15.461975Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-21T15:48:31.672Z\"}}], \"cna\": {\"title\": \"Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Asa Reynolds (SRA)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Rick Console (SRA)\"}], \"impacts\": [{\"capecId\": \"CAPEC-191\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-191 Read Sensitive Constants Within an Executable\"}]}, {\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Milner\", \"product\": \"ImageDirector Capture\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.9.0\", \"lessThan\": \"7.6.3.25808\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-20T19:00:00.000Z\", \"references\": [{\"url\": \"https://sra.io/advisories\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of Default Credentials, Hard-coded Credentials vulnerability in\\u00a0C2SGlobalSettings.dll in \\n\\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\\n\\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use of Default Credentials, Hard-coded Credentials vulnerability in\u0026nbsp;C2SGlobalSettings.dll in \\n\\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\\n\\n\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1392\", \"description\": \"CWE-1392 Use of Default Credentials\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"57dba5dd-1a03-47f6-8b36-e84e47d335d8\", \"shortName\": \"SRA\", \"dateUpdated\": \"2026-01-20T21:38:02.361Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-58744\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-21T16:14:23.574Z\", \"dateReserved\": \"2025-09-04T15:27:48.361Z\", \"assignerOrgId\": \"57dba5dd-1a03-47f6-8b36-e84e47d335d8\", \"datePublished\": \"2026-01-20T21:38:02.361Z\", \"assignerShortName\": \"SRA\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…