Use of a hardcoded static key to protect sensitive data...

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Description

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.

Basic Information

ID CVE-2025-57796

Source Mandiant

Published Jan 28, 2026 at 17:47

Modified Jan 28, 2026 at 18:11

Affected Product

Vendor Explorance

Product Blue

Affected Versions Explorance Blue 0

CWE Classification

CWE-257

References

{
    "lastseen": "",
    "description": "Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.",
    "published": "2026-01-28T17:47:56.607Z",
    "modified": "2026-01-28T18:11:13.946Z",
    "type": "cve",
    "title": "Use of a hardcoded static key to protect sensitive data in Explorance Blue",
    "source": "Mandiant",
    "references": "https://www.explorance.com/products/blue\nhttps://online-help.explorance.com/blue/articles/security-advisories-(january-2026)\nhttps://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57796\nhttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0005.md",
    "id": "CVE-2025-57796",
    "bulletinFamily": "",
    "cwe": [
        "CWE-257"
    ],
    "cvelist": null,
    "sourceData": "Explorance Blue 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Blue",
    "version": "0",
    "vendor": "Explorance",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Use of a hardcoded static key to protect sensitive data in Explorance Blue_CVE-2025-57796