Insufficiently Protected Credentials in SicommNet BASEC SaaS Platform
CVE-2025-22372

9.3CRITICAL

Key Information:

Vendor
Sicommnet
Status
Basec
Vendor
CVE Published:
14 April 2025

Badges

👾 Exploit Exists

Summary

The SicommNet BASEC SaaS platform has a vulnerability related to insufficiently protected credentials that allows attackers to recover passwords. This weakness stems from the improper storage of passwords, which are saved in plain text using reversible encryption. As a result, any user with adequate privileges can easily extract these passwords, posing a significant security risk. This issue impacts all versions of BASEC released since December 14, 2021, emphasizing the need for immediate remediation to protect sensitive user information.

Affected Version(s)

BASEC SaaS 14 Dec 2021

References

https://basec.sicomm.net/login/
product
https://csirt.divd.nl/DIVD-2025-00001
third-party-advisory
https://csirt.divd.nl/CVE-2025-22372
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jesse Meijer (DIVD)
Frank Breedijk (DIVD)
.
CVE-2025-22372 : Insufficiently Protected Credentials in SicommNet BASEC SaaS Platform | SecurityVulnerability.io