CVE-2025-15554: CWE-525 Use of web browser cache containing sensitive information in Truesec LAPSWebUI
CVE-2025-15554 is a medium-severity vulnerability in Truesec's LAPSWebUI before version 2.4 where sensitive local admin passwords are cached in the web browser. This caching allows an attacker with local access to a workstation to retrieve cached passwords and escalate privileges. Exploitation requires the attacker to have some level of authenticated access and user interaction. The vulnerability impacts confidentiality by exposing sensitive credentials, but does not affect integrity or availability directly. No known exploits are reported in the wild yet. Organizations using LAPSWebUI should upgrade to version 2.4 or later and implement strict browser cache controls to mitigate risk. Countries with significant use of Truesec products and high reliance on local admin password management are most at risk.
AI Analysis
Technical Summary
CVE-2025-15554 is a vulnerability identified in Truesec's LAPSWebUI product, specifically in versions prior to 2.4. The root cause is improper handling of sensitive information: local administrator passwords managed by LAPSWebUI are cached in the web browser. This caching behavior violates secure design principles by allowing sensitive credentials to be stored in a location accessible to other processes or users on the same workstation. The vulnerability is classified under CWE-525, which concerns the use of web browser cache containing sensitive information. An attacker with local access to a workstation where LAPSWebUI is used can exploit this flaw to retrieve cached passwords and escalate their privileges to local administrator level. The CVSS 4.0 vector indicates that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and passive user interaction (UI:P). The vulnerability has a high impact on confidentiality (VC:H) but no direct impact on integrity or availability. The vector also carries SI:H and SA:H, which in CVSS 4.0 are the subsequent-system integrity and availability impact metrics, meaning the effects reach components beyond the initially vulnerable component. No known exploits have been reported in the wild, but the risk remains significant due to the sensitive nature of the cached credentials. The vulnerability was published on March 16, 2026, and assigned by NCSC-FI. There are no patch links provided, but upgrading to LAPSWebUI version 2.4 or later is implied as a remediation step.
Potential Impact
The primary impact of CVE-2025-15554 is the compromise of local administrator credentials through browser cache disclosure. This can lead to privilege escalation on affected workstations, enabling attackers to gain full control over local systems. Such access can facilitate lateral movement within an organization's network, potentially leading to broader compromise. Confidentiality is severely impacted as sensitive passwords are exposed. While integrity and availability are not directly affected by this vulnerability, the elevated privileges gained can be leveraged to disrupt or manipulate systems. Organizations relying on LAPSWebUI for local admin password management face increased risk of insider threats or attackers who gain initial local access. The vulnerability could undermine trust in endpoint security controls and complicate incident response efforts. Although no active exploits are known, the ease of exploitation with local access and user interaction means that attackers with limited privileges could escalate quickly, increasing the threat surface.
Mitigation Recommendations
To mitigate CVE-2025-15554, organizations should immediately upgrade Truesec LAPSWebUI to version 2.4 or later, where the caching issue is resolved. Additionally, implement strict browser cache control policies, such as disabling caching for sensitive web application pages via HTTP headers (e.g., Cache-Control: no-store, no-cache, must-revalidate). Enforce endpoint security measures that restrict local user access and monitor for unusual privilege escalation attempts. Use application whitelisting and endpoint detection and response (EDR) tools to detect suspicious access to cached browser data. Educate users about the risks of leaving sessions open and encourage logging out after use. Regularly audit local workstations for cached sensitive data and clear browser caches periodically. Consider isolating LAPSWebUI access to dedicated secure workstations with hardened configurations to reduce exposure. Finally, implement multi-factor authentication and least privilege principles to limit the impact of compromised credentials.
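The header recommendation above can be checked mechanically. The following added example (not Truesec's code and not part of the original advisory) audits a response's headers against the HTTP caching rules in RFC 9111 and shows that only `no-store` forbids the browser from storing the body; the header sets, and the password-retrieval response they stand for, are constructed.

```python
# Added example (not LAPSWebUI code): decide whether a response that carries a
# secret may be written to the browser's cache (CWE-525). Inputs are constructed.

WEAK = {  # directives often mistaken for "do not cache"; none forbid storage
    "no-cache": "stored, but revalidated before reuse",
    "must-revalidate": "stored, revalidated only once stale",
    "private": "excludes shared caches only; the browser cache is private",
    "max-age": "stored, even with max-age=0",
}

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def audit(headers):
    """Return findings for one response; an empty list means not storable."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return []
    findings = ["no-store absent: browser may store the response body"]
    for name in cc:
        if name in WEAK:
            findings.append(f"{name}: {WEAK[name]}")
    if not cc and "last-modified" in h:
        findings.append("no Cache-Control: heuristic freshness from Last-Modified may apply")
    return findings

# Constructed header sets for a hypothetical password-retrieval response.
SAMPLES = {
    "recommended": {"Cache-Control": "no-store, no-cache, must-revalidate"},
    "no-cache only": {"Cache-Control": "no-cache, must-revalidate"},
    "private": {"Cache-Control": "private, max-age=0"},
    "default": {"Content-Type": "application/json",
                "Last-Modified": "Mon, 16 Mar 2026 10:00:00 GMT"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        result = audit(hdrs)
        print(f"{label:14} {'OK' if not result else 'STORABLE'}")
        for finding in result:
            print(f"  - {finding}")
```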
Affected Countries
United States, Finland, Germany, United Kingdom, Canada, Australia, Sweden, Netherlands, Norway, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: NCSC-FI
- Date Reserved: 2026-02-02T05:56:44.566Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b7e4169d4df451835079ca
Added to database: 3/16/2026, 11:05:58 AM
Last enriched: 3/16/2026, 11:20:32 AM
Last updated: 3/16/2026, 12:09:43 PM