CVE-2025-66910

low-risk
Published 2025-12-19

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Turms

Affected Vendors

Turms-Im

References (4)

Exploit https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66910_report.md
Product https://github.com/turms-im/turms
Product https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java...
Product https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java...
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal