CVE-2025-58742 (GCVE-0-2025-58742)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:36 – Updated: 2026-01-21 16:14
VLAI
Title
Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture
Summary
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sra.io/advisories | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Milner | ImageDirector Capture |
Affected:
7.0.9 , < 7.6.3.25808
(semver)
|
Date Public
2026-01-20 19:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:40:17.672533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T16:14:33.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "ImageDirector Capture",
"vendor": "Milner",
"versions": [
{
"lessThan": "7.6.3.25808",
"status": "affected",
"version": "7.0.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asa Reynolds (SRA)"
},
{
"lang": "en",
"type": "finder",
"value": "Rick Console (SRA)"
}
],
"datePublic": "2026-01-20T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:36:54.171Z",
"orgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"shortName": "SRA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://sra.io/advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
"assignerShortName": "SRA",
"cveId": "CVE-2025-58742",
"datePublished": "2026-01-20T21:36:54.171Z",
"dateReserved": "2025-09-04T15:27:48.361Z",
"dateUpdated": "2026-01-21T16:14:33.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58742",
"date": "2026-06-30",
"epss": "0.00162",
"percentile": "0.0578"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58742\",\"sourceIdentifier\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"published\":\"2026-01-20T22:15:51.630\",\"lastModified\":\"2026-06-17T09:44:51.390\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.\"},{\"lang\":\"es\",\"value\":\"Credenciales Insuficientemente Protegidas, Restricci\u00f3n Inadecuada del Canal de Comunicaci\u00f3n a los Puntos Finales Previstos vulnerabilidad en el di\u00e1logo de Configuraci\u00f3n de Conexi\u00f3n en Milner ImageDirector Capture en Windows permite Adversario en el Medio (AiTM) al modificar el campo \u0027Servidor\u0027 para redirigir la autenticaci\u00f3n del cliente. Este problema afecta a ImageDirector Capture: desde 7.0.9 antes de 7.6.3.25808.\"}],\"affected\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"affectedData\":[{\"vendor\":\"Milner\",\"product\":\"ImageDirector Capture\",\"defaultStatus\":\"unknown\",\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"7.0.9\",\"lessThan\":\"7.6.3.25808\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-21T15:40:17.672533Z\",\"id\":\"CVE-2025-58742\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"},{\"lang\":\"en\",\"value\":\"CWE-923\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:milner:imagedirector_capture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.9\",\"versionEndExcluding\":\"7.6.3.25808\",\"matchCriteriaId\":\"8D1B57A0-F2D5-41A7-BA72-4F2FE59FF416\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://sra.io/advisories\",\"source\":\"57dba5dd-1a03-47f6-8b36-e84e47d335d8\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58742\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-21T15:40:17.672533Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-21T15:48:33.861Z\"}}], \"cna\": {\"title\": \"Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Asa Reynolds (SRA)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Rick Console (SRA)\"}], \"impacts\": [{\"capecId\": \"CAPEC-94\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-94 Adversary in the Middle (AiTM)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Milner\", \"product\": \"ImageDirector Capture\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.9\", \"lessThan\": \"7.6.3.25808\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-01-20T19:00:00.000Z\", \"references\": [{\"url\": \"https://sra.io/advisories\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the \u0027Server\u0027 field to redirect client authentication.\u003cp\u003eThis issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-522\", \"description\": \"CWE-522 Insufficiently Protected Credentials\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-923\", \"description\": \"CWE-923 Improper Restriction of Communication Channel to Intended Endpoints\"}]}], \"providerMetadata\": {\"orgId\": \"57dba5dd-1a03-47f6-8b36-e84e47d335d8\", \"shortName\": \"SRA\", \"dateUpdated\": \"2026-01-20T21:36:54.171Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58742\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-21T16:14:33.073Z\", \"dateReserved\": \"2025-09-04T15:27:48.361Z\", \"assignerOrgId\": \"57dba5dd-1a03-47f6-8b36-e84e47d335d8\", \"datePublished\": \"2026-01-20T21:36:54.171Z\", \"assignerShortName\": \"SRA\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…