CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-25263

In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.7%

CVSS Severity

CVSS v3 Score 5.5

References

http://stimulsoft.com
https://cloud-trustit.spp.at/s/Db8ZfNq2WYiNCHa
https://cves.at/posts/cve-2023-25263/writeup/
http://stimulsoft.com
https://cloud-trustit.spp.at/s/Db8ZfNq2WYiNCHa
https://cves.at/posts/cve-2023-25263/writeup/

Products affected by CVE-2023-25263

Stimulsoft » Designer » Version: 2023.1.4

cpe:2.3:a:stimulsoft:designer:2023.1.4
Stimulsoft » Designer » Version: 2023.1.5

cpe:2.3:a:stimulsoft:designer:2023.1.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25263

Products

Pricing

Contact Us