CVE-2025-0714
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Feb 17, 2025
Updated: Feb 19, 2025
CWE ID 1204
Summary
CVE-2025-0714 is a vulnerability in the password storage of Mobatek's MobaXterm in versions below 25.0. The issue is that the same initialization vector (IV) and master key are used to encrypt each password separately. In the default configuration, the user's password is used as the master key, making both keys predictable. Consequently, the AES (Advanced Encryption Standard) CFB ciphertext depends solely on the plaintext (the password), making it easier for attackers to obtain sensitive information and decrypt data at rest.
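The effect of a reused key and IV in CFB mode, next to the per-record random IV that removes it, as an added example (not MobaXterm's code). Assumptions: truncated HMAC-SHA256 stands in for the AES block function so the block runs on the standard library alone, the segment size is a full 16-byte block, and the key, IV, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16
KEY = hashlib.sha256(b"constructed-master-password").digest()  # constructed sample key
FIXED_IV = bytes(BLOCK)  # constructed constant IV, reused for every record

def _block_fn(key, block):
    # Stand-in for the AES forward function (assumption): truncated HMAC-SHA256.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _cfb(key, iv, data, decrypt=False):
    """Full-block CFB: C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV."""
    out, feedback = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        result = bytes(d ^ k for d, k in zip(chunk, _block_fn(key, feedback)))
        out += result
        feedback = chunk if decrypt else result  # feedback is always the ciphertext block
    return bytes(out)

def store_fixed_iv(key, password):
    # Pattern from the summary: same key and same IV for every password.
    return _cfb(key, FIXED_IV, password)

def store_random_iv(key, password):
    # Corrected pattern: fresh random IV per record, stored alongside the ciphertext.
    iv = os.urandom(BLOCK)
    return iv + _cfb(key, iv, password)

def load_random_iv(key, record):
    return _cfb(key, record[:BLOCK], record[BLOCK:], decrypt=True)

def shared_prefix(a, b):
    # Number of leading bytes two byte strings have in common.
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

if __name__ == "__main__":
    p1, p2 = b"Winter2025!db", b"Winter2025!web"  # constructed sample passwords
    print("fixed IV, shared ciphertext prefix:", shared_prefix(store_fixed_iv(KEY, p1), store_fixed_iv(KEY, p2)))
    print("fixed IV, same password twice equal:", store_fixed_iv(KEY, p1) == store_fixed_iv(KEY, p1))
    print("random IV, same password twice equal:", store_random_iv(KEY, p1) == store_random_iv(KEY, p1))
    print("random IV round trip ok:", load_random_iv(KEY, store_random_iv(KEY, p1)) == p1)
```

With the fixed IV, the two stored values agree on every byte where the passwords agree, so equal or similar passwords are visible in the stored data without the key.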