CVE-2025-40680
CVE-2025-40680 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. CapillaryScope v2.5.0 of Capillary io does not encrypt sensitive data: it stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values. EPSS estimates a 0.07% chance of exploitation in the next 30 days.
Description
CapillaryScope v2.5.0 of Capillary io does not encrypt sensitive data: it stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.
Metrics
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status: Deferred
Source: NVD / NIST
