CVE-2025-58744

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sra.io/advisories	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-20 22:15

Updated : 2026-02-10 16:48

NVD link : CVE-2025-58744

Mitre link : CVE-2025-58744

CVE.ORG link : CVE-2025-58744

JSON object : View

Products Affected

microsoft

windows

milner

imagedirector_capture

CWE

CWE-798

Use of Hard-coded Credentials

CWE-1392

Use of Default Credentials

{"id": "CVE-2025-58744", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "57dba5dd-1a03-47f6-8b36-e84e47d335d8", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-20T22:15:51.890", "references": [{"url": "https://sra.io/advisories", "tags": ["Third Party Advisory"], "source": "57dba5dd-1a03-47f6-8b36-e84e47d335d8"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "57dba5dd-1a03-47f6-8b36-e84e47d335d8", "description": [{"lang": "en", "value": "CWE-798"}, {"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "Use of Default Credentials, Hard-coded Credentials vulnerability in\u00a0C2SGlobalSettings.dll in \n\n Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.\n\nThis issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808."}, {"lang": "es", "value": "Uso de Credenciales Predeterminadas, vulnerabilidad de Credenciales Incrustadas en C2SGlobalSettings.dll en Milner ImageDirector Capture en Windows permite el descifrado de archivos de documentos archivados usando credenciales descifradas con una clave de cifrado de aplicaci\u00f3n incrustada.\n\nEste problema afecta a ImageDirector Capture: desde 7.0.9.0 antes de 7.6.3.25808."}], "lastModified": "2026-02-10T16:48:25.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D1B57A0-F2D5-41A7-BA72-4F2FE59FF416", "versionEndExcluding": "7.6.3.25808", "versionStartIncluding": "7.0.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "57dba5dd-1a03-47f6-8b36-e84e47d335d8"}