CVE-2025-15554 PUBLISHED

Admin Passwords Cached by Browsers in Truesec LAPSWebUI

Assigner: NCSC-FI
Reserved: 02.02.2026 Published: 16.03.2026 Updated: 16.03.2026

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
CVSS Score: 6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	None	Integrity	High
Attack Requirements	Present	Availability	None	Availability	High
Privileges Required	Low
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	Truesec
Product	LAPSWebUI
Versions	Default: unaffected affected from 0 to 2.4 (excl.) Version 2.4 is unaffected

Workarounds

Make sure the web server hosting LAPSWebUI sets the following HTTP response header: Cache-Control: no-store

Credits

Laban Sköllermark at Reversec Sweden AB finder

References

https://labs.reversec.com/advisories/2026/03/admin-passwords-cached-by-browsers-in-truesec-lapswebui

Problem Types

CWE-525 Use of web browser cache containing sensitive information CWE

Impacts

Escalation of Privileges
Information Disclosure