CVE-2025-65320

HIGH

Abacre Restaurant Point of Sale < 15.0.0.1656 - Cleartext Storage of Sensitive Information in Memory

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-65320. PoCs published by yonathanpy, Smarttfoxx.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-65320, which involves the cleartext storage of sensitive licensing material in process memory in Abacre Restaurant Point of Sale (POS) versions <= 15.0.0.1656. The writeup includes root cause analysis, exploitation steps, and evidence such as memory analysis and activation screenshots.

Description

Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt.

Exploits (2)

nomisec WRITEUP 1 stars

by yonathanpy · poc

https://github.com/yonathanpy/CVE-2025-65320

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-65320, which involves the cleartext storage of sensitive licensing material in process memory in Abacre Restaurant Point of Sale (POS) versions <= 15.0.0.1656. The writeup includes root cause analysis, exploitation steps, and evidence such as memory analysis and activation screenshots.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Abacre Restaurant Point of Sale (POS) <= 15.0.0.1656

No auth needed

Prerequisites: local access to the machine · debugger (e.g., x64dbg, WinDbg)

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 05, 2026 Full analysis →

nomisec WRITEUP

by Smarttfoxx · poc

https://github.com/Smarttfoxx/CVE-2025-65320

View Code ZIP pw:eip

This repository documents CVE-2025-65320, a cleartext storage of sensitive information in memory vulnerability in Abacre Restaurant POS. It includes evidence of license keys being exposed in process memory during activation, but no exploit code is provided.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Abacre Restaurant Point of Sale (POS) <= 15.0.0.1656

No auth needed

Prerequisites: Access to the target system to attach a debugger or dump process memory

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/Smarttfoxx/CVE-2025--

Broken Link

https://packetstorm.news/files/id/212149

Scores

CVSS v3 7.5

EPSS 0.0021

EPSS Percentile 11.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (1)

abacre/restaurant_point_of_sale < 15.0.0.1656

Published Dec 03, 2025

Tracked Since Feb 18, 2026