CVE-2025-14823 in ScreenConnect정보

요약

\~에 의해 MITRE • 2025. 12. 18.

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

ConnectWise

예약하다

2025. 12. 17.

공개

2025. 12. 18.

모더레이션

수락

항목

VDB-337402

CPE

준비됨

CWE

CWE-201 (확인됨)

CVSS

5.3 (CNA)

EPSS

0.00043

KEV

아니요

활동

매우 낮음

부문

Finance, Insurance, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-14823
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-14823
CVE Details	https://www.cvedetails.com/cve/CVE-2025-14823/

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!