Encryption of sensitive data in CapillaryScope missing_CVE-2025-40680

6.9 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.

Basic Information

ID CVE-2025-40680

Source INCIBE

Published Jul 24, 2025 at 12:14

Modified Jul 24, 2025 at 13:01

Affected Product

Vendor Capillary io

Product CapillaryScope

Affected Versions Capillary io CapillaryScope 0

CWE Classification

CWE-311

References

www.incibe.es /en/incibe-cert/notices/aviso/encryption-sensitive-data-capillaryscope-missing

{
    "lastseen": "",
    "description": "Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.",
    "published": "2025-07-24T12:14:20.971Z",
    "modified": "2025-07-24T13:01:30.427Z",
    "type": "cve",
    "title": "Encryption of sensitive data in CapillaryScope missing",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/encryption-sensitive-data-capillaryscope-missing",
    "id": "CVE-2025-40680",
    "bulletinFamily": "",
    "cwe": [
        "CWE-311"
    ],
    "cvelist": null,
    "sourceData": "Capillary io CapillaryScope 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CapillaryScope",
    "version": "0",
    "vendor": "Capillary io",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}