{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14816", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2025-12-17T02:11:38.277Z", "datePublished": "2026-04-08T13:23:41.344Z", "dateUpdated": "2026-04-08T16:04:26.135Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2026-04-08T13:23:41.344Z"}, "title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-317", "description": "CWE-317 Cleartext Storage of Sensitive Information in GUI", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure, Tampering, and Denial-of-Service"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MC Works64", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."}]}], "references": [{"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01", "tags": ["government-resource"]}, {"url": "https://jvn.jp/vu/JVNVU90646130/", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T16:04:20.566011Z", "id": "CVE-2025-14816", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:04:26.135Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T16:04:20.566011Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:04:23.571Z"}}], "cna": {"title": "Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64", "source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure, Tampering, and Denial-of-Service"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS64", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "ICONICS Suite", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "MobileHMI", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "Hyper Historian", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "AnalytiX", "versions": [{"status": "affected", "version": "versions 10.97.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Iconics Digital Solutions", "product": "GENESIS", "versions": [{"status": "affected", "version": "versions 11.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MC Works64", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01", "tags": ["government-resource"]}, {"url": "https://jvn.jp/vu/JVNVU90646130/", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.", "supportingMedia": [{"type": "text/html", "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-317", "description": "CWE-317 Cleartext Storage of Sensitive Information in GUI"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2026-04-08T13:23:41.344Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14816", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:04:26.135Z", "dateReserved": "2025-12-17T02:11:38.277Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2026-04-08T13:23:41.344Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system."}], "id": "CVE-2025-14816", "lastModified": "2026-04-08T14:16:24.887", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2026-04-08T14:16:24.887", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU90646130/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-097-01"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-023_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-317"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T14:36:16.404350+00:00", "value": {"mitigation_remediation": ["Visit Mitsubishi Electric\u2019s PSIRT page and download the patch for your product version", "Apply the vendor patch to all impacted systems", "Verify the installed version is greater than the vulnerable releases", "Disable SQL Server authentication or enforce encrypted credential storage if a patch is unavailable as a temporary measure", "Restrict local machine access to authorized personnel only to reduce risk of local account exploitation"], "summary": {"action": "Immediate Patch", "impact": "Credential exposure allowing unauthorized SQL Server access with potential data tampering and denial\u2011of\u2011service"}, "threat_synthesis": {"affected_systems": "The flaw affects Mitsubishi Electric products that include the Hyper Historian Splitter UI. Affected versions are GENESIS64 up to and including 10.97.3, GENESIS up to 11.02, ICONICS Suite up to 10.97.3, MobileHMI up to 10.97.3, Hyper Historian up to 10.97.3, AnalytiX up to 10.97.3, and MC Works64 in all released versions. The same range applies to the Iconics Digital Solutions line (GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, and GENESIS).", "description_and_impact": "This vulnerability is caused by cleartext storage and display of SQL Server credentials in the Hyper Historian Splitter feature. When SQL authentication is used, a local attacker can view these credentials in the application\u2019s GUI. With the credentials, the attacker can log into the SQL Server and potentially read, modify, or delete data, and may trigger a denial\u2011of\u2011service incident. The weakness aligns with CWE\u2011317, which describes insecure storage of sensitive information.", "risk_and_exploitability": "The advisory rates the vulnerability with a CVSS score of 9.3, indicating high severity. The EPSS score is not available, but the lack of a KEV listing does not reduce the threat. Because the attacker must be local, the attack vector is physical or local system access. However, the high severity reflects the potential to compromise SQL Server credentials and thereby obtain full control over critical data, leading to espionage, tampering, or downtime."}}}}, "created": "2026-04-08T19:39:32.687365+00:00", "updated": "2026-04-08T19:39:32.687394+00:00", "vendors": []}