CVE-2025-40680

Medium CVSS 6.9

Overview

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.

CWE: CWE-311 Published: 2025-07-24T13:15:25.843

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.9 (MEDIUM)
Detected tags: jwt (tag impact: LOW)

Recommended actions:

Use strong algorithms (HS256/RS256), rotate secrets, short expiries.

Overview

Recommended tools

Tags