CVE-2025-2229
Published: 13 March 2025
Description
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-2229, published on 2025-03-13, involves a vulnerability in token creation where the token is generated using the username, current date/time, and a fixed AES-128 encryption key that remains the same across all installations. This flaw, classified under CWE-1391, carries a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). It affects components referenced in CISA's ICS medical advisory ICSMA-25-072-01 and Philips security advisories.
Local attackers can exploit this vulnerability with low attack complexity and no privileges or user interaction required. Exploitation enables high-impact confidentiality and integrity violations, such as unauthorized access to sensitive information or token manipulation to impersonate users.
Mitigation details are provided in the referenced advisories, including https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01 and https://www.philips.com/a-w/security/security-advisories.html.
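The weakness described above comes down to key material that is identical on every installation and a token with no per-installation integrity protection. The sketch below is an added illustration, not code from Philips or from either advisory: it generates a random key per installation and authenticates the username and issue time with HMAC-SHA256 (a swapped-in construction, not the product's AES scheme). The function names, the token layout and the 300-second lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 300  # assumed lifetime; tune to the application


def new_installation_key() -> bytes:
    """Random 256-bit key, generated once at install time and kept in
    protected storage, so no two installations share key material."""
    return secrets.token_bytes(32)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(key: bytes, username: str, now: Optional[float] = None) -> str:
    """Token = base64(payload) + "." + base64(HMAC-SHA256(key, payload))."""
    issued = int(time.time() if now is None else now)
    claims = {"u": username, "iat": issued, "n": secrets.token_hex(8)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(key: bytes, token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username for a valid, unexpired token, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the tag has verified
    age = (time.time() if now is None else now) - claims["iat"]
    return claims["u"] if 0 <= age <= TOKEN_TTL_SECONDS else None
```

With this layout a token issued by one installation does not verify on another, and changing the username or timestamp invalidates the tag.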
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The fixed-key token generation flaw enables local attackers to manipulate tokens for user impersonation, directly facilitating access token manipulation (T1134) and abuse of valid accounts (T1078).