Insufficiently Protected Credentials in SicommNet BASEC SaaS Platform
CVE-2025-22372

9.3CRITICAL

Key Information:

Vendor

Sicommnet

Status
Basec
Vendor
CVE Published:
14 April 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-22372?

The SicommNet BASEC SaaS platform has a vulnerability related to insufficiently protected credentials that allows attackers to recover passwords. This weakness stems from the improper storage of passwords, which are saved in plain text using reversible encryption. As a result, any user with adequate privileges can easily extract these passwords, posing a significant security risk. This issue impacts all versions of BASEC released since December 14, 2021, emphasizing the need for immediate remediation to protect sensitive user information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BASEC SaaS 14 Dec 2021

References

https://basec.sicomm.net/login/
product
https://csirt.divd.nl/DIVD-2025-00001
third-party-advisory
https://csirt.divd.nl/CVE-2025-22372
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jesse Meijer (DIVD)
Frank Breedijk (DIVD)
JSON
.