CVE-2025-22896

HIGH

mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-22896. PoCs published by Michael Heinzl, including Metasploit module auxiliary/admin/scada/mypro_mgr_creds.

AI-analyzed exploit summary This Metasploit module exploits a broken authentication vulnerability (CVE-2025-24865) and an information disclosure flaw (CVE-2025-22896) in mySCADA myPRO Manager <= v1.3 to harvest cleartext SMTP credentials via an unauthenticated API endpoint.

Description

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Exploits (1)

metasploit WORKING POC
by Michael Heinzl · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/mypro_mgr_creds.rb

This Metasploit module exploits a broken authentication vulnerability (CVE-2025-24865) and an information disclosure flaw (CVE-2025-22896) in mySCADA myPRO Manager <= v1.3 to harvest cleartext SMTP credentials via an unauthenticated API endpoint.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: mySCADA myPRO Manager <= v1.3
No auth needed
Prerequisites: Network access to the target's web interface (default port 34022)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.6
EPSS 0.3743
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (1)
myscada/mypro < 1.4
Published Feb 13, 2025
Tracked Since Feb 18, 2026