CVE-2025-57796

MEDIUM

Explorance Blue <8.14.12 - Info Disclosure

Title source: llm

Description

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.

References (4)

[Third Party Advisory] https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0005.md

View Writeup ZIP pw:eip

[Vendor Advisory] https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)

[Vendor Advisory] https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57796

[Product] https://www.explorance.com/products/blue

Scores

CVSS v3 6.8

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-257

Status published

Affected Products (1)

explorance/blue < 8.14.12

Timeline

Published Jan 28, 2026

Tracked Since Feb 18, 2026