{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14815", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2025-12-17T01:59:30.824Z", "datePublished": "2026-04-08T13:15:30.168Z", "dateUpdated": "2026-04-08T16:03:44.001Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2026-04-08T13:20:28.394Z"}, "title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure, Tampering, and Denial-of-Service"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MC Works64", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."}]}], "references": [{"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU90646130/", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T16:03:37.502980Z", "id": "CVE-2025-14815", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:03:44.001Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14815", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T16:03:37.502980Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:03:40.996Z"}}], "cna": {"title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64", "source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure, Tampering, and Denial-of-Service"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MC Works64", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU90646130/", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.", "supportingMedia": [{"type": "text/html", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2026-04-08T13:20:28.394Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14815", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:03:44.001Z", "dateReserved": "2025-12-17T01:59:30.824Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2026-04-08T13:15:30.168Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials stored in plaintext within the local SQLite file by exploiting this vulnerability, when the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."}], "id": "CVE-2025-14815", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2026-04-08T14:16:24.650", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU90646130/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T15:05:22.438207+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011provided security patch for the affected product version", "Verify that local SQLite caching is disabled or that any cached credentials are removed", "Ensure that the SQL Server credentials are stored securely and not in plaintext"], "summary": {"action": "Apply Patch", "impact": "Local disclosure of cleartext SQL credentials leading to possible data tampering and denial\u2011of\u2011service"}, "threat_synthesis": {"affected_systems": "The affected products include Mitsubishi Electric Corporation and Iconics Digital Solutions releases such as GENESIS, GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, and MC Works64. Vulnerabilities exist in versions 10.97.3 and earlier for GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, and AnalytiX; versions 11.02 and earlier for GENESIS; and all versions of MC Works64 where local SQLite caching is enabled. Any installation running these versions with SQL authentication and local caching presents the risk.", "description_and_impact": "This vulnerability arises from storing SQL Server credentials in plain text within a local SQLite cache file used by multiple Mitsubishi Electric control system products. A local attacker with file system access can read those credentials, authenticate to the SQL Server, and then read, modify, or delete data hosted there. The information exposure can also be leveraged to cause a denial\u2011of\u2011service condition by corrupting or deleting critical configuration data. The weakness corresponds to cleartext storage of sensitive information (CWE\u2011312).", "risk_and_exploitability": "The CVSS score of 9.3 indicates a high\u2011severity flaw suitable for exploitation by a local attacker. EPSS information is unavailable, but the vulnerability is not currently listed in the CISA KEV catalog, suggesting no widespread exploitation reports yet. Exploitation requires local access to the file system where the SQLite cache resides; it can be carried out by reading the sensitive file, which is typically accessible to users with sufficient privileges. Consequently, the risk is significant for systems with exposed local storage, and the impact can cascade from credential theft to full data compromise or denial of service."}}}}, "created": "2026-04-08T19:39:33.738955+00:00", "updated": "2026-04-08T19:39:33.738984+00:00", "vendors": []}