CVE-2026-25600 – Credential Exposure Vulnerability in Trac PDBM

CVE ID :CVE-2026-25600

Published : June 1, 2026, 11:16 a.m. | 1 hour, 16 minutes ago

Description :The PDBM application relies on a static, hard‑coded secret embedded
in the PDBM.exe executable. This secret is used by the application’s
encryption routines, including the function responsible for decrypting
credentials stored in the product’s configuration file. Because the
secret is constant across installations, any attacker with sufficient
local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored
password and authenticate as the user defined in the configuration file.
In the affected version, this user account is configured with
administrative privileges, granting full access to PDBM’s management
interface and its underlying operational functions.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49328 – Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

CVE-2026-25599 – Missing authentication and clear‑text data transmission affecting Orca heat pumps

CVE-2026-10250 – itsourcecode Online Blood Bank Management System campsdetails.php sql injection

CVE-2026-10249 – itsourcecode Online Blood Bank Management System viewrequest.php sql injection