CVE-2025-15553 is a security vulnerability identified in Truesec's LAPSWebUI product, specifically in versions before 2.4. The root cause is insufficient session expiration, classified under CWE-613, which refers to inadequate invalidation of sessions after logout or inactivity. The logout functionality in affected versions is non-functional, meaning that sessions remain active beyond intended limits. An attacker who gains access to a workstation where LAPSWebUI is used can exploit this flaw to escalate privileges by retrieving the local administrator password managed by the system. The vulnerability requires the attacker to have some level of authenticated access (low privileges) and user interaction, but once exploited, it can lead to a high confidentiality impact by disclosing sensitive credentials. The CVSS 4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), partial attack traceability (AT:P), low privileges required (PR:L), user interaction required (UI:P), and high impact on confidentiality (VC:H) with no impact on integrity or availability. The scope is high, meaning the vulnerability affects components beyond the initially compromised security scope. No public exploits are known at this time, but the vulnerability is published and should be addressed promptly. The lack of a working logout mechanism means sessions can persist, increasing the window for exploitation if a workstation is left unattended or accessed by unauthorized users.

The primary impact of this vulnerability is the unauthorized disclosure of local administrator passwords, which can lead to privilege escalation within an organization's IT environment. This compromises confidentiality and potentially allows attackers to perform administrative actions on affected systems, leading to further compromise, lateral movement, or data exfiltration. Since the vulnerability requires local access and user interaction, the risk is somewhat mitigated by physical or logical access controls, but insider threats or attackers who gain initial footholds on workstations are at significant risk. The persistence of sessions due to non-working logout increases the attack surface by extending the time window for exploitation. Organizations relying on Truesec LAPSWebUI for local admin password management may face increased risk of credential theft and subsequent attacks on critical infrastructure or sensitive data. The medium CVSS score reflects a moderate but non-trivial risk that should not be ignored.

1. Upgrade Truesec LAPSWebUI to version 2.4 or later where the logout functionality and session expiration issues are fixed. 2. Implement strict session timeout policies at the application and network levels to ensure sessions expire after short periods of inactivity. 3. Restrict physical and logical access to workstations running LAPSWebUI to trusted personnel only, minimizing the risk of unauthorized local access. 4. Employ multi-factor authentication (MFA) for accessing LAPSWebUI to reduce the risk of unauthorized session hijacking. 5. Monitor and audit access logs for unusual privilege escalation attempts or session anomalies. 6. Educate users to log out manually and lock their workstations when unattended. 7. Consider network segmentation to isolate systems managing local admin passwords from general user workstations. 8. If patching is delayed, use endpoint protection tools to detect suspicious activities related to credential access or privilege escalation attempts.