
CVE-2025-66910: n/a

Severity: Medium
Tags: Vulnerability, CVE-2025-66910, cve, cve-2025-66910
Published: Fri Dec 19 2025 (12/19/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-66910 is a vulnerability in Turms Server v0.10.0-SNAPSHOT and earlier where administrator passwords are stored in plaintext in memory after successful login. This occurs because the BaseAdminService class caches raw passwords unencrypted within AdminInfo objects to optimize authentication performance. Attackers with local system access can extract these passwords via memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protections. The vulnerability has a CVSS score of 6.0, indicating medium severity, with high impact on confidentiality and integrity but no impact on availability. Exploitation requires local privileges and no user interaction. There are no known exploits in the wild or patches currently available. European organizations using Turms Server should be aware of the risk of credential exposure if attackers gain local access.

AI-Powered Analysis

Last updated: 12/26/2025, 15:21:53 UTC

Technical Analysis

CVE-2025-66910 identifies a security vulnerability in the Turms Server software, specifically versions v0.10.0-SNAPSHOT and earlier. The vulnerability arises from the BaseAdminService class caching administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. After an administrator successfully logs in, their raw password is stored unencrypted in memory in a field named rawPassword. This practice circumvents the security benefits of bcrypt hashing, as the plaintext password remains accessible in memory. An attacker with local system access—such as through a compromised account or privilege escalation—can extract these plaintext passwords by performing memory dumps, analyzing the heap, or attaching a debugger to the running process. This exposure compromises the confidentiality and integrity of administrator credentials, potentially allowing further unauthorized access or privilege escalation. The CVSS v3.1 score is 6.0 (medium severity), reflecting that exploitation requires local access and privileges but can lead to significant credential compromise. No known exploits have been reported in the wild, and no patches are currently available. The vulnerability is categorized under CWE-256 (Plaintext Storage of a Password) and CWE-532 (Insertion of Sensitive Information into Log File), highlighting improper handling of sensitive data. Organizations relying on Turms Server should prioritize mitigating this risk to prevent credential theft and subsequent attacks.
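
The caching pattern described above, next to one way to remove it, as an added example (this is not Turms code and not a vendor patch). Only the `rawPassword` field name and the `AdminInfo` naming come from the advisory; the class layout, `slowHash` (JDK PBKDF2 standing in for bcrypt) and the session-token design, which assumes clients can present a token after the first login, are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class AdminAuthCacheDemo {
    // Stand-in for bcrypt (assumption): JDK PBKDF2 keeps the example dependency-free.
    static byte[] slowHash(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 210_000, 256);
        byte[] out = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword(); // the spec keeps its own copy of the password
        return out;
    }
    // Pattern the advisory describes: the raw password stays on the heap after login.
    static final class VulnerableAdminInfo {
        byte[] salt, storedHash;
        String rawPassword; // immutable String: cannot be wiped, readable in a heap dump
        boolean authenticate(String pw) throws Exception {
            if (rawPassword != null) return rawPassword.equals(pw); // fast path skips the slow hash
            if (!MessageDigest.isEqual(slowHash(pw.toCharArray(), salt), storedHash)) return false;
            rawPassword = pw; // plaintext cached for the life of the object
            return true;
        }
    }
    // Hardened sketch: slow-hash once, then cache only SHA-256 of a random session token.
    static final class HardenedAdminInfo {
        byte[] salt, storedHash, tokenDigest; // no password material is retained
        byte[] login(char[] pw) throws Exception { // returns a token, or null on failure
            boolean ok = MessageDigest.isEqual(slowHash(pw, salt), storedHash);
            Arrays.fill(pw, '\0'); // wipe the caller's buffer whether or not it matched
            if (!ok) return null;
            byte[] token = new byte[32];
            new SecureRandom().nextBytes(token);
            tokenDigest = MessageDigest.getInstance("SHA-256").digest(token);
            return token;
        }
        boolean authenticate(byte[] token) throws Exception { // fast path, constant-time compare
            return tokenDigest != null
                && MessageDigest.isEqual(MessageDigest.getInstance("SHA-256").digest(token), tokenDigest);
        }
    }
    public static void main(String[] args) throws Exception {
        HardenedAdminInfo a = new HardenedAdminInfo();
        a.salt = SecureRandom.getSeed(16); // constructed sample account
        a.storedHash = slowHash("constructed-sample-pw".toCharArray(), a.salt);
        byte[] token = a.login("constructed-sample-pw".toCharArray());
        System.out.println("token accepted: " + a.authenticate(token));
    }
}
```

A heap dump of `HardenedAdminInfo` exposes only the salted slow hash and the digest of a random token, neither of which yields the administrator's password directly.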

Potential Impact

For European organizations, the primary impact of CVE-2025-66910 is the potential compromise of administrator credentials if an attacker gains local access to systems running vulnerable Turms Server versions. This can lead to unauthorized administrative control, data breaches, and further lateral movement within networks. Confidentiality is severely impacted as plaintext passwords can be extracted, and integrity is at risk due to possible unauthorized changes by attackers using stolen credentials. Availability is not directly affected. Organizations in sectors with high-value data or critical infrastructure using Turms Server could face significant operational and reputational damage. The requirement for local access limits remote exploitation but increases risk from insider threats or attackers who have already breached perimeter defenses. Given the lack of patches, the vulnerability poses a persistent risk until addressed. European entities with strict data protection regulations (e.g., GDPR) must consider the legal and compliance implications of credential exposure incidents.

Mitigation Recommendations

1. Restrict local system access strictly to trusted administrators and monitor for unauthorized access attempts.
2. Employ endpoint detection and response (EDR) tools to detect suspicious memory access or debugging activities.
3. Implement strict privilege separation and minimize the number of users with local administrative rights on servers running Turms.
4. Use memory protection techniques such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to complicate memory analysis.
5. Regularly audit and monitor authentication logs for anomalies indicating potential credential compromise.
6. Engage with Turms Server developers or vendors to request patches or updates that eliminate plaintext password caching.
7. Consider deploying application-level encryption or secure enclave technologies to protect sensitive data in memory.
8. Conduct internal security training to raise awareness about the risks of local access and memory extraction techniques.
9. If possible, isolate Turms Server instances in hardened environments with limited access and network segmentation.
10. Prepare incident response plans specifically addressing credential theft scenarios.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-08T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 69456762a90e3c9a1540c4ae

Added to database: 12/19/2025, 2:55:30 PM

Last enriched: 12/26/2025, 3:21:53 PM

Last updated: 2/7/2026, 7:00:06 AM
