CVE-2025-66910: n/a
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
AI Analysis
Technical Summary
CVE-2025-66910 identifies a critical security vulnerability in Turms Server versions up to v0.10.0-SNAPSHOT, specifically within its administrator authentication mechanism. The vulnerability arises because the BaseAdminService class caches administrator passwords in plaintext inside AdminInfo objects to optimize authentication performance. Upon successful login, the raw password is stored unencrypted in memory in a field named rawPassword. This design flaw bypasses the intended bcrypt hashing protection, as the plaintext password remains accessible in memory. An attacker with local system access—such as through a compromised account, malicious insider, or via privilege escalation—can extract these plaintext passwords by performing memory dumps, heap analysis, or attaching debuggers to the running process. This exposure significantly increases the risk of credential theft, enabling attackers to impersonate administrators and gain unauthorized control over the system. No public exploits have been reported yet, but the vulnerability's nature makes it a serious threat. The lack of a CVSS score indicates it is newly published, but the technical details confirm a high-risk issue due to plaintext credential exposure in memory. The vulnerability affects all deployments of Turms Server at or below version 0.10.0-SNAPSHOT that use the vulnerable authentication system. Since the passwords are stored in memory only after successful login, the attack requires local access but no additional user interaction. This vulnerability highlights poor secure coding practices in handling sensitive authentication data and necessitates urgent remediation.
Potential Impact
For European organizations using Turms Server, this vulnerability poses a significant risk to the confidentiality and integrity of administrator credentials. If an attacker gains local access to the server—via compromised user accounts, insider threats, or lateral movement within the network—they can extract plaintext administrator passwords from memory. This can lead to unauthorized administrative access, allowing attackers to manipulate system configurations, access sensitive data, or disrupt services. The exposure of administrator credentials can also facilitate further attacks such as privilege escalation, persistent backdoors, or data exfiltration. Given that Turms Server may be used in enterprise or critical infrastructure environments, the impact could extend to service outages or breaches of regulated data. The vulnerability does not directly affect availability but compromises trust and security posture. European organizations with strict data protection regulations (e.g., GDPR) may face compliance risks if breaches occur due to this vulnerability. The lack of public exploits reduces immediate risk but does not diminish the potential severity if exploited.
Mitigation Recommendations
To mitigate CVE-2025-66910, organizations should:
1) Upgrade Turms Server to a version where this vulnerability is fixed once available, or apply vendor patches promptly.
2) Until patches are available, disable or restrict administrator authentication features that cache plaintext passwords.
3) Review and refactor the authentication code to eliminate plaintext password caching; instead, rely solely on secure password hashing mechanisms like bcrypt without storing raw passwords in memory.
4) Implement strict access controls to limit local system access to trusted administrators only, reducing the risk of memory inspection attacks.
5) Employ runtime protections such as memory encryption or process hardening to prevent unauthorized debugging or memory dumps.
6) Monitor systems for unusual local access or debugging activities indicative of exploitation attempts.
7) Conduct regular security audits and penetration testing focusing on local privilege escalation and memory exposure vectors.
8) Educate administrators on the risks of local system compromise and enforce strong endpoint security controls.
These steps go beyond generic advice by focusing on code-level fixes, access restrictions, and runtime protections tailored to this vulnerability's characteristics.
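The code-level fix in step 3, shown as an added example that is not Turms's own code: a cache entry that keeps only the bcrypt hash, placed beside the plaintext-caching shape the advisory describes. It assumes Spring Security's BCryptPasswordEncoder is on the classpath; the class and method names are hypothetical, chosen to echo the advisory's AdminInfo and rawPassword.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example, not Turms code: the names AdminInfo and rawPassword echo the
// advisory, but the classes and methods here are hypothetical.
public final class AdminAuthExample {
    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();
    // Hash compared on unknown accounts so a miss costs the same as a hit.
    private static final String DUMMY_HASH = ENCODER.encode("constructed-dummy");

    // VULNERABLE shape: the cached entry carries the plaintext so that repeat
    // logins can skip bcrypt. Anyone who can read process memory reads it too.
    record VulnerableAdminInfo(String account, String passwordHash, String rawPassword) {}

    // HARDENED shape: only the bcrypt hash is cached; plaintext never outlives
    // the request that carried it.
    record AdminInfo(String account, String passwordHash) {}

    private final Map<String, AdminInfo> cache = new ConcurrentHashMap<>();

    // Populate the cache from the stored record; the hash is all that is kept.
    public void cacheAdmin(String account, String bcryptHash) {
        cache.put(account, new AdminInfo(account, bcryptHash));
    }

    // Every login pays the bcrypt cost; the caller's buffer is wiped afterwards.
    // (The String handed to matches() is transient and garbage-collectable,
    // unlike a field that pins the plaintext for the cache's lifetime.)
    public boolean authenticate(String account, char[] submitted) {
        try {
            AdminInfo info = cache.get(account);
            String hash = info == null ? DUMMY_HASH : info.passwordHash();
            return ENCODER.matches(new String(submitted), hash) && info != null;
        } finally {
            Arrays.fill(submitted, '\0');
        }
    }

    public static void main(String[] args) {
        AdminAuthExample auth = new AdminAuthExample();
        // Constructed sample credential; in practice the hash comes from the database.
        auth.cacheAdmin("admin", ENCODER.encode("S3cret-example"));
        System.out.println(auth.authenticate("admin", "S3cret-example".toCharArray()));
        System.out.println(auth.authenticate("admin", "wrong".toCharArray()));
        System.out.println(auth.authenticate("nobody", "S3cret-example".toCharArray()));
    }
}
```

The trade-off is visible in authenticate(): every login runs bcrypt instead of a string compare, which is exactly the cost the vulnerable cache was trying to avoid.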
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69456762a90e3c9a1540c4ae
Added to database: 12/19/2025, 2:55:30 PM
Last enriched: 12/19/2025, 3:10:51 PM
Last updated: 12/19/2025, 5:17:25 PM