CVE-2025-22372: Insecure password storage in SicommNet BASEC
First published: Mon Apr 14 2025(Updated: )
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14 Dec 2021.
Credit: csirt@divd.nl
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SicommNet BASEC | >=14 Dec 2021 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-22372?
CVE-2025-22372 is classified as a high severity vulnerability due to the risk of exposing sensitive passwords.
How do I fix CVE-2025-22372?
To address CVE-2025-22372, ensure that passwords are stored securely using strong hashing algorithms rather than reversible encryption.
What are the potential impacts of CVE-2025-22372?
The potential impacts of CVE-2025-22372 include unauthorized access to accounts and data breaches due to the exposure of plaintext passwords.
Which versions of SicommNet BASEC are affected by CVE-2025-22372?
SicommNet BASEC versions from December 14, 2021, onwards are affected by CVE-2025-22372.
Is there a workaround for CVE-2025-22372?
A potential workaround for CVE-2025-22372 is to restrict access to password recovery functionalities until a patch is implemented.
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/sicommnet
- canonical/sicommnet basec