CVE-2025-60791

Medium CVSS: 6.2

Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing.

Vendor

Product

CWE

CWE-316

Yayın Tarihi

2025-10-27 16:15:42

Güncelleme

2025-10-30 15:05:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-316 MEDIUM 2025

Referanslar

https://packetstorm.news/files/id/210832 https://sourceforge.net/projects/easyworkaccounting/