CVE-2025-58742

Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sra.io/advisories	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-20 22:15

Updated : 2026-02-10 16:51

NVD link : CVE-2025-58742

Mitre link : CVE-2025-58742

CVE.ORG link : CVE-2025-58742

JSON object : View

Products Affected

microsoft

windows

milner

imagedirector_capture

CWE

CWE-522

Insufficiently Protected Credentials

CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

{"id": "CVE-2025-58742", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "57dba5dd-1a03-47f6-8b36-e84e47d335d8", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-20T22:15:51.630", "references": [{"url": "https://sra.io/advisories", "tags": ["Third Party Advisory"], "source": "57dba5dd-1a03-47f6-8b36-e84e47d335d8"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "57dba5dd-1a03-47f6-8b36-e84e47d335d8", "description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-923"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808."}, {"lang": "es", "value": "Credenciales Insuficientemente Protegidas, Restricci\u00f3n Inadecuada del Canal de Comunicaci\u00f3n a los Puntos Finales Previstos vulnerabilidad en el di\u00e1logo de Configuraci\u00f3n de Conexi\u00f3n en Milner ImageDirector Capture en Windows permite Adversario en el Medio (AiTM) al modificar el campo 'Servidor' para redirigir la autenticaci\u00f3n del cliente. Este problema afecta a ImageDirector Capture: desde 7.0.9 antes de 7.6.3.25808."}], "lastModified": "2026-02-10T16:51:44.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D1B57A0-F2D5-41A7-BA72-4F2FE59FF416", "versionEndExcluding": "7.6.3.25808", "versionStartIncluding": "7.0.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "57dba5dd-1a03-47f6-8b36-e84e47d335d8"}