CVE-2025-5922

MEDIUM

TSplus Remote Access Admin Tool <18.40.6.17 - Info Disclosure

Title source: llm

Description

Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted. LTS (Long-Term Support) versions also received patches in v17.2025.6.27 and v16.2025.6.27 releases.

References (1)

[Various Sources] https://cert.pl/en/posts/2025/07/CVE-2025-5922

Scores

CVSS v4 4.8

EPSS 0.0001

EPSS Percentile 3.1%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522 CWE-759

Status published

Products (3)

TSplus/TSplus Remote Access < v16.2025.6.27

TSplus/TSplus Remote Access < v17.2025.6.27

TSplus/TSplus Remote Access < v18.40.6.17

Published Jul 29, 2025

Tracked Since Feb 18, 2026