CVE-2025-0418 - Vulnerability Details - OpenCVE

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Valmet	Dna

No data.

No data.

References

Link	Providers
https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/

History

Tue, 01 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 01 Apr 2025 04:15:00 +0000

Type	Values Removed	Values Added
Description		Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Title		Valmet DNA user passwords in plain text
Weaknesses		CWE-312
References		https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/
Metrics		cvssV4_0 `{'score': 5.2, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: NCSC-FI

Published: 2025-04-01T03:59:40.489Z

Updated: 2025-04-01T14:13:12.389Z

Reserved: 2025-01-13T12:24:48.092Z

Link: CVE-2025-0418

Vulnrichment

Updated: 2025-04-01T14:13:09.368Z

NVD

Status : Awaiting Analysis

Published: 2025-04-01T04:15:39.550

Modified: 2025-04-01T20:26:11.547

Link: CVE-2025-0418

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0418", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2025-01-13T12:24:48.092Z", "datePublished": "2025-04-01T03:59:40.489Z", "dateUpdated": "2025-04-01T14:13:12.389Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Valmet DNA", "vendor": "Valmet", "versions": [{"lessThanOrEqual": "C2021", "status": "affected", "version": "C2007", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sixtus Leonhardsberger and Felix Eberstaller of LimesSecurity"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Valmet DNA user passwords in plain text. <span style=\"background-color: rgb(255, 255, 255);\">This practice poses a security risk as attackers who gain access to local project data can read the passwords.</span>"}], "value": "Valmet DNA user passwords in plain text.\u00a0This practice poses a security risk as attackers who gain access to local project data can read the passwords."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2025-04-01T03:59:40.489Z"}, "references": [{"url": "https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The solution is available from Valmet Automation Customer Service."}], "value": "The solution is available from Valmet Automation Customer Service."}], "source": {"discovery": "EXTERNAL"}, "title": "Valmet DNA user passwords in plain text", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T14:04:17.566128Z", "id": "CVE-2025-0418", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T14:13:12.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0418", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T14:04:17.566128Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T14:13:09.368Z"}}], "cna": {"title": "Valmet DNA user passwords in plain text", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Sixtus Leonhardsberger and Felix Eberstaller of LimesSecurity"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Valmet", "product": "Valmet DNA", "versions": [{"status": "affected", "version": "C2007", "versionType": "custom", "lessThanOrEqual": "C2021"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The solution is available from Valmet Automation Customer Service.", "supportingMedia": [{"type": "text/html", "value": "The solution is available from Valmet Automation Customer Service.", "base64": false}]}], "references": [{"url": "https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Valmet DNA user passwords in plain text.\u00a0This practice poses a security risk as attackers who gain access to local project data can read the passwords.", "supportingMedia": [{"type": "text/html", "value": "Valmet DNA user passwords in plain text. <span style=\"background-color: rgb(255, 255, 255);\">This practice poses a security risk as attackers who gain access to local project data can read the passwords.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2025-04-01T03:59:40.489Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0418", "state": "PUBLISHED", "dateUpdated": "2025-04-01T14:13:12.389Z", "dateReserved": "2025-01-13T12:24:48.092Z", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "datePublished": "2025-04-01T03:59:40.489Z", "assignerShortName": "NCSC-FI"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Valmet DNA user passwords in plain text.\u00a0This practice poses a security risk as attackers who gain access to local project data can read the passwords."}], "id": "CVE-2025-0418", "lastModified": "2025-04-01T20:26:11.547", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}, "published": "2025-04-01T04:15:39.550", "references": [{"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "url": "https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/"}], "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}