CVE-2025-27926

Published: Mar 10, 2025Modified: Jan 29, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.

Affected (1)

Products: Nintex: Automation

Nintex

1 product

Automation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nintex Automation	From 5.6 to 5.8

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (1)

https://help.nintex.com/en-US/platform/ReleaseNotes/K2Five.htm

Source: cve@mitre.org

Release Notes

Timeline

No history available yet.