Jan 2026
Description

Hard-coded credentials in Automai Director could allow remote attackers to gain unauthorized access to the application by using embedded authentication values.

Details

  • Product: Automai Director
  • Affected Versions: <25.2.0
  • Vulnerability Type: CWE-259: Use of Hard-coded Password
  • Risk Level: High - CVSS 3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
  • Authentication: Required
  • Vendor URL:
  • Vendor acknowledged vulnerability: Yes
  • Vendor Status: Fixed
  • CVE: CVE-2025-46067

Impact

The presence of hard-coded credentials in the application allows anyone who requests these static values to authenticate without authorization checks and potentially gain elevated access. An attacker who discovers these credentials can impersonate legitimate users or services, bypass normal authentication mechanisms and access sensitive data. This may result in unauthorized data disclosure, data manipulation or lateral movement within connected systems.

Timeline

  • 2025-04: Vulnerability reported to the vendor.
  • 2025-05: Vendor published a fix for the issue.
  • 2026-01: Information about the vulnerability is published.

Credits