
CVE-2025-40680: CWE-311 Missing Encryption of Sensitive Data in Capillary io CapillaryScope

Medium
Tags: Vulnerability, CVE-2025-40680, cve, cwe-311
Published: Thu Jul 24 2025 (07/24/2025, 12:14:20 UTC)
Source: CVE Database V5
Vendor/Project: Capillary io
Product: CapillaryScope

Description

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.

AI-Powered Analysis

Last updated: 07/24/2025, 12:47:47 UTC

Technical Analysis

CVE-2025-40680 is a vulnerability identified in CapillaryScope version 2.5.0, a product by Capillary io. The core issue is the absence of encryption for sensitive data stored on the Windows operating system registry. Specifically, proxy credentials and JWT session tokens are stored in plaintext within different registry keys. This vulnerability falls under CWE-311, which concerns missing encryption of sensitive data. Because these credentials and tokens are stored unencrypted, any authenticated local user with read access to the Windows registry can extract these sensitive values without needing elevated privileges or user interaction. The vulnerability has a CVSS v4.0 base score of 6.9, indicating a medium severity level. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N). The impact is high on confidentiality (VC:H), low on integrity (VI:L), and none on availability (VA:N). The scope is unchanged (SC:N), and there are no known exploits in the wild as of the publication date. The vulnerability enables potential credential theft, which could lead to unauthorized access to proxy services or session hijacking, depending on how the JWT tokens are used within the environment. Since the tokens and credentials are stored in the registry, this vulnerability is particularly relevant in environments where multiple users have local access or where endpoint security is weak. The lack of encryption means that even users with limited privileges can compromise sensitive authentication data, potentially escalating their access or moving laterally within the network. No patches or mitigations have been officially published yet, increasing the urgency for organizations to implement compensating controls.

Potential Impact

For European organizations, the impact of CVE-2025-40680 can be significant, especially in sectors where CapillaryScope is deployed for monitoring or proxy management. The exposure of proxy credentials and JWT tokens can lead to unauthorized access to internal or external network resources, potentially enabling attackers to bypass security controls or impersonate legitimate users. This could result in data breaches, unauthorized data exfiltration, or disruption of business processes. Organizations with shared workstations or environments where multiple users have local access are at higher risk. Additionally, if the compromised JWT tokens are used for session management in critical applications, attackers could hijack sessions and escalate privileges. Given the medium severity and local attack vector, the threat is more pronounced in environments with weak endpoint security or insufficient user access controls. The absence of encryption also raises compliance concerns under GDPR and other European data protection regulations, as sensitive authentication data is inadequately protected. Failure to address this vulnerability could lead to regulatory penalties and reputational damage.

Mitigation Recommendations

To mitigate CVE-2025-40680, European organizations should implement the following specific measures:

1) Restrict local user access to the Windows registry keys where CapillaryScope stores sensitive data by applying strict Access Control Lists (ACLs) to limit read permissions only to necessary system accounts.
2) Employ endpoint protection solutions that monitor and alert on unauthorized registry access attempts.
3) Use application whitelisting and privilege management to prevent unauthorized users from running tools that can read registry data.
4) Where possible, isolate systems running CapillaryScope to trusted users only and avoid shared user environments.
5) Monitor logs for unusual local access patterns or attempts to extract credentials.
6) Engage with Capillary io to obtain patches or updates that encrypt sensitive data storage; until then, consider encrypting sensitive configuration data externally or using secure vault solutions integrated with CapillaryScope if supported.
7) Conduct regular audits of local user privileges and registry permissions to ensure compliance with the principle of least privilege.
8) Educate users about the risks of local credential exposure and enforce strong endpoint security policies.

These steps go beyond generic advice by focusing on registry access controls, endpoint monitoring, and organizational policies tailored to the specific vulnerability context.
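The following PowerShell script is an added example illustrating measures 1, 2, 5 and 7 above; it is not part of the advisory and not code from Capillary io. It reports which broad local principals (Users, Authenticated Users, Everyone, INTERACTIVE) hold read access on a registry key, and with -Enforce it breaks inheritance, re-grants access only to an approved principal list, and adds a SACL so that value reads are logged as Security event 4663. The key path `HKLM:\SOFTWARE\PLACEHOLDER_VENDOR\CapillaryScope` is a placeholder, because the advisory does not name the actual keys; the approved-principal list is likewise an assumption and must include the account under which CapillaryScope itself runs, or the application will lose access to its own configuration.

```powershell
# Added example (not from the advisory or from Capillary io): audit, tighten and
# enable read-auditing on the registry key(s) that hold CapillaryScope configuration.
# Run from an elevated PowerShell session. Without -Enforce the script only reports.
param(
    # PLACEHOLDER path: the advisory does not name the real keys; replace before use.
    [string[]]$KeyPaths = @('HKLM:\SOFTWARE\PLACEHOLDER_VENDOR\CapillaryScope'),
    # Assumed approved principals. Add the CapillaryScope service account here.
    [string[]]$AllowedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'),
    [switch]$Enforce
)

# Groups whose read access means "any local logon can read the stored secrets".
$BroadPrincipals = @(
    'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
    'Everyone', 'NT AUTHORITY\INTERACTIVE'
)

function Get-BroadReadAccess {
    # Returns one record per Allow ACE that grants any part of ReadKey to a broad group.
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        $readBits = [System.Security.AccessControl.RegistryRights]::ReadKey
        $grantsRead = (($ace.RegistryRights -band $readBits) -ne 0)
        if ($ace.AccessControlType -eq 'Allow' -and $grantsRead -and ($BroadPrincipals -contains $id)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $id
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Set-RestrictedKeyAcl {
    # Stop inheriting from the parent (which is where the broad ACEs usually come from),
    # drop every explicit ACE, then grant FullControl only to the approved principals.
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    foreach ($principal in $AllowedPrincipals) {
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $principal, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Enable-ReadAudit {
    # Add a SACL entry so successful QueryValues on the key (and subkeys) produce
    # Security event 4663. The "Registry" audit subcategory must also be enabled:
    #   auditpol /set /subcategory:"Registry" /success:enable
    param([string]$Path)
    $acl = Get-Acl -Path $Path -Audit
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule(
        'Everyone', 'QueryValues', 'ContainerInherit,ObjectInherit', 'None', 'Success')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

foreach ($path in $KeyPaths) {
    if (-not (Test-Path -Path $path)) {
        Write-Warning "Key not found: $path"
        continue
    }
    $findings = @(Get-BroadReadAccess -Path $path)
    if ($findings.Count -eq 0) {
        Write-Output "OK       $path : no broad read access"
        continue
    }
    Write-Output "EXPOSED  $path : readable by broad local groups"
    $findings | Format-Table -AutoSize
    if ($Enforce) {
        Set-RestrictedKeyAcl -Path $path
        Enable-ReadAudit -Path $path
        Write-Output "Hardened $path (ACL restricted, read auditing enabled)"
    }
}
```

Run it once without -Enforce to see what the current ACL exposes, verify that the process running CapillaryScope is covered by -AllowedPrincipals, and only then re-run with -Enforce. Restricting the ACL does not fix the underlying defect (the values are still plaintext), so the SACL plus event 4663 monitoring is what gives detection coverage until the vendor ships a release that encrypts the data.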


Technical Details

Data Version
5.1
Assigner Short Name
INCIBE
Date Reserved
2025-04-16T08:38:16.029Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 688227ecad5a09ad00352b7b

Added to database: 7/24/2025, 12:32:44 PM

Last enriched: 7/24/2025, 12:47:47 PM

Last updated: 7/25/2025, 12:34:38 AM

