cvedb.io
CVE-2025-40680
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-07-24T13:15:25.843 · Last modified 2026-06-17T09:21:56.993

Summary

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.