CVE-2025-60791 is a vulnerability in Easywork Enterprise version 2.1.3.354 involving the cleartext storage of sensitive license key information in process memory. Specifically, when a license activation attempt fails, the application leaves valid device-bound license keys in memory without encryption or obfuscation. An attacker with local access to the affected system can attach a debugger or capture a memory dump to extract these keys. Since the keys are device-bound, they can only be used to activate the software on the same machine, bypassing the need to purchase a license. The vulnerability is classified under CWE-316 (Cleartext Storage of Sensitive Information). The CVSS v3.1 score is 6.2, reflecting a medium severity with a high confidentiality impact but no impact on integrity or availability. Exploitation requires local access but no privileges or user interaction. There are no known exploits in the wild and no patches currently available, increasing the importance of mitigation through access controls and monitoring. This vulnerability primarily threatens software licensing integrity and could lead to unauthorized software use and potential compliance violations.

For European organizations, this vulnerability poses a risk primarily to software licensing compliance and financial controls. Unauthorized extraction and reuse of license keys can lead to unlicensed software usage, potentially violating software agreements and exposing organizations to legal and financial penalties. While the vulnerability does not directly impact system integrity or availability, it undermines the licensing enforcement mechanism, which could encourage software piracy within the organization. Organizations with strict software asset management policies may face audit failures or reputational damage if unauthorized activations are detected. The risk is heightened in environments where local access controls are weak or where endpoint security monitoring is insufficient. However, since exploitation requires local access and is limited to the same device, remote attackers or widespread compromise are unlikely. The vulnerability is less critical for organizations that do not use Easywork Enterprise or have robust endpoint security and access restrictions in place.

To mitigate CVE-2025-60791, European organizations should implement strict local access controls to prevent unauthorized users from accessing systems running Easywork Enterprise. Endpoint security solutions should be configured to detect and alert on debugging tools or suspicious memory analysis activities. Organizations should enforce least privilege principles, limiting user permissions to reduce the risk of local exploitation. Regular monitoring of software license usage and audit logs can help detect anomalies indicating unauthorized activations. Until a vendor patch is released, consider isolating systems running the vulnerable software or using application whitelisting to prevent unauthorized debugging. Engage with the software vendor to obtain updates or patches addressing this vulnerability. Additionally, educate IT staff about the risks of memory analysis attacks and ensure physical security controls are robust to prevent unauthorized physical access to devices.