Information leak in NSRPC client history
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2025-007 | 05/26/2025 | low | v2 |
Vulnerability details
Possible leak of secret information between SNS administrators while using the CLI (command line tool).
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | low | SNS is impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 12/29/2025 | Initial release |
| v2 | 05/21/2026 | Published as disclosed |
Stormshield Network Security |
CVSS v3.1 Overall Score: 3.8
|
Analysis |
Impacted version |
|
There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password. |
|
Workaround solution |
Solution |
|
There is no workaround solution. |
The following updates will fix this vulnerability:
|
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
|---|---|---|---|---|---|---|---|
| Adjacent Network | Low | High | Required | Unchanged | High | None | None |
| CVSS Base score: 4.3 | CVSS Vector: (AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N) |
| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Confirmed |
| CVSS Temporal score: 3.8 | CVSS Vector: (AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C) |
| Confidentiality Requirement (CR) | Integrity Requirement (IR) | Availability Requirement (AR) |
|---|---|---|
| Medium | Low | Low |
| CVSS Environmental score: 3.8 | CVSS Vector: (AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:M/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |