← back
CVE-2025-27926

CVE-2025-27926

CVSS 4.3 MEDIUMEPSS 0.3%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
Nintex · Automation

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://help.nintex.com/en-US/platform/ReleaseNotes/K2Five.htm