Access Control Vulnerability in TSplus Remote Access by TSplus
CVE-2025-5922

4.8MEDIUM

Key Information:

Vendor: Tsplus
Status: Tsplus Remote Access
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-5922?

An access control vulnerability exists in the TSplus Remote Access Admin Tool, primarily affecting versions prior to v18.40.6.17. The vulnerability allows unauthorized access to sensitive information due to the improper handling of the PIN code's hash, which is stored in an accessible system registry without adequate protection. This oversight facilitates brute-force attacks and exploitation through rainbow tables since the hash is unprotected and not salted. Users of older and Long-Term Support versions must implement available updates to secure their systems effectively.

Affected Version(s)

TSplus Remote Access Windows 0

References

https://cert.pl/en/posts/2025/07/CVE-2025-5922

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jun 9, 2025

Credit

Michał Walkowski, PhD

Tsplus

What is CVE-2025-5922?

Affected Version(s)

References

CVSS V4

Timeline

Credit