CVE-2025-60791 identifies a security vulnerability in Easywork Enterprise version 2.1.3.354 related to the cleartext storage of sensitive license keys in process memory. Specifically, when a user attempts to activate the software and the activation fails, the application fails to securely erase or protect the device-bound license keys from memory. These keys remain accessible in the process's memory space, allowing an attacker with local access to the machine to extract them by attaching a debugger or analyzing a memory dump. Once obtained, these license keys can be reused to activate the software on the same machine without purchasing a valid license, effectively enabling software piracy. The vulnerability does not require network access or remote exploitation; it requires local access and the ability to perform debugging or memory analysis. No CVSS score has been assigned yet, and no patches or fixes have been published by the vendor. There are no known exploits in the wild at this time. The flaw primarily impacts the confidentiality of licensing information, which could lead to unauthorized software use and potential financial losses for software vendors and organizations relying on license compliance. The vulnerability highlights a weakness in how Easywork Enterprise handles sensitive data in memory, emphasizing the need for secure memory management and proper clearing of sensitive data after failed operations.

For European organizations, this vulnerability could lead to unauthorized use of Easywork Enterprise software through license key theft, resulting in financial losses due to software piracy and potential compliance violations. Organizations relying on Easywork Enterprise for critical business functions may face operational risks if license management is compromised. Although the vulnerability does not directly impact system integrity or availability, the exposure of license keys undermines software asset management and could facilitate further unauthorized software deployment within an organization. This may also affect contractual and legal compliance with software licensing agreements. The requirement for local access limits the threat to insider threats or attackers who have already compromised endpoint security. However, in environments with shared workstations or insufficient endpoint protection, the risk increases. The lack of patches means organizations must rely on compensating controls until a vendor fix is available.

To mitigate this vulnerability, organizations should implement strict access controls to prevent unauthorized local access to machines running Easywork Enterprise. Endpoint security solutions should be configured to detect and block debugging tools or suspicious memory analysis activities. Employing application whitelisting and restricting the use of debuggers to trusted administrators can reduce exploitation risk. Regular monitoring of system logs for unusual process behavior or memory dump creation is advised. Organizations should also enforce strong physical security policies to prevent unauthorized access to devices. Until a vendor patch is released, consider isolating systems running Easywork Enterprise or using virtualized environments with snapshot capabilities to limit exposure. Engage with the software vendor to obtain updates or guidance and apply patches promptly once available. Additionally, educating users about the risks of failed activation attempts and ensuring proper software licensing management can help reduce the attack surface.