CVE-2025-9982

HIGH

QuickCMS 6.8 - Plaintext Password Storage in Configuration File

Title source: llm

Description

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

References (2)

Core 2

Core References

Third Party Advisory

https://cert.pl/posts/2025/11/CVE-2025-9982

Product

https://opensolution.org/cms-system-quick-cms.html

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-256

Status published

Products (1)

opensolution/quick.cms 6.8

Published Nov 14, 2025

Tracked Since Feb 18, 2026