CVE-2025-58744 (GCVE-0-2025-58744)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:38 – Updated: 2026-01-21 16:14
VLAI
Title
Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture
Summary
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in
Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.
This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sra.io/advisories |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9.0 , < 7.6.3.25808
(semver)
|
Date Public
2026-01-20 19:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:15.461975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:23.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThan": "7.6.3.25808",
"status": "affected",
"version": "7.0.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u0026nbsp;C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\n\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\u003c/p\u003e"
}
],
"value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u00a0C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:38:02.361Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58744",
"datePublished": "2026-01-20T21:38:02.361Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:23.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58744",
"date": "2026-07-01",
"epss": "0.0013",
"percentile": "0.02941"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58744\",\"sourceIdentifier\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"published\":\"2026-01-20T22:15:51.890\",\"lastModified\":\"2026-06-17T09:44:51.630\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of Default Credentials, Hard-coded Credentials vulnerability in\u00a0C2SGlobalSettings.dll in \\n\\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\\n\\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\"},{\"lang\":\"es\",\"value\":\"Uso de Credenciales Predeterminadas, vulnerabilidad de Credenciales Incrustadas en C2SGlobalSettings.dll en Milner ImageDirector Capture en Windows permite el descifrado de archivos de documentos archivados usando credenciales descifradas con una clave de cifrado de aplicaci\u00f3n incrustada.\\n\\nEste problema afecta a ImageDirector Capture: desde 7.0.9.0 antes de 7.6.3.25808.\"}],\"affected\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"affectedData\":[{\"vendor\":\"Milner\",\"product\":\"ImageDirector Capture\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"7.0.9.0\",\"lessThan\":\"7.6.3.25808\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-21T15:40:15.461975Z\",\"id\":\"CVE-2025-58744\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"},{\"lang\":\"en\",\"value\":\"CWE-1392\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.9\",\"versionEndExcluding\":\"7.6.3.25808\",\"matchCriteriaId\":\"8D1B57A0-F2D5-41A7-BA72-4F2FE59FF416\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://sra.io/advisories\",\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58744\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-21T15:40:15.461975Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-21T15:48:31.672Z\"}}], \"cna\": {\"title\": \"Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Asa Reynolds (SRA)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Rick Console (SRA)\"}], \"impacts\": [{\"capecId\": \"CAPEC-191\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-191 Read Sensitive Constants Within an Executable\"}]}, {\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Milner\", \"product\": \"ImageDirector Capture\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.9.0\", \"lessThan\": \"7.6.3.25808\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-20T19:00:00.000Z\", \"references\": [{\"url\": \"https://sra.io/advisories\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of Default Credentials, Hard-coded Credentials vulnerability in\\u00a0C2SGlobalSettings.dll in \\n\\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\\n\\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use of Default Credentials, Hard-coded Credentials vulnerability in\u0026nbsp;C2SGlobalSettings.dll in \\n\\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\\n\\n\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1392\", \"description\": \"CWE-1392 Use of Default Credentials\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"57dba5dd-1a03-47f6-8b36-e84e47d335d8\", \"shortName\": \"SRA\", \"dateUpdated\": \"2026-01-20T21:38:02.361Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58744\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-21T16:14:23.574Z\", \"dateReserved\": \"2025-09-04T15:27:48.361Z\", \"assignerOrgId\": \"57dba5dd-1a03-47f6-8b36-e84e47d335d8\", \"datePublished\": \"2026-01-20T21:38:02.361Z\", \"assignerShortName\": \"SRA\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…