Threat Advisory

Docusnap Vulnerability Could Lead to Privilege Escalation Attacks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A major security flaw in Docusnap allows attackers to decrypt sensitive system data collected from Windows hosts. The issue stems from the use of a static encryption key, making the encryption ineffective. This flaw lets any domain user with read access retrieve system configurations, aiding lateral movement and privilege escalation. The vulnerability has been assigned CVE-2025-26849, with a CVSS score of 7.2 (High) due to the potential exposure of critical system information.


  • CVE-2025-26849: This vulnerability arises from the use of a hardcoded AES-256 encryption key within Docusnap’s .NET-based server application. Attackers can extract this static key from the software’s binaries, enabling them to decrypt inventory files stored on network shares. These files, accessible to any domain user with read permissions, contain critical system information. Despite a vendor update that rotated the encryption key, the reliance on static keys remains unresolved, leaving systems vulnerable to exploitation.

The vulnerability poses a high risk as it exposes system details that attackers can use for further attacks. While the vendor claims to have resolved the issue, independent verification shows that hardcoded keys are still present. Organizations using Docusnap must take immediate security measures.
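Because the exposure depends on inventory files being readable by any domain user, one defensive check is to list which broad groups hold read access on the inventory folder and its files. The script below is an added example, not code from the vendor or the referenced report; the path is a placeholder, and it inspects NTFS ACLs only, so share-level permissions still need to be reviewed separately.

```powershell
# Added example: audit NTFS read access on the Docusnap inventory folder.
# $InventoryPath is a placeholder (assumption); set it to the folder or UNC
# path where your deployment writes its inventory files.
param(
    [string]$InventoryPath = '\\fileserver.example\docusnap-inventory'
)

# Well-known SIDs of broad groups; matching on SID avoids localized names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# ReadData (0x1) plus GENERIC_READ (0x80000000) and GENERIC_ALL (0x10000000),
# which can appear unmapped in inherit-only ACEs on folders.
$readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData `
            -bor 0x80000000 -bor 0x10000000

function Get-BroadReadAce {
    param([string]$Path)

    $acl   = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $readMask) -eq 0) { continue }

        $sid  = $rule.IdentityReference.Value
        $name = $null
        if ($broadSids.ContainsKey($sid)) {
            $name = $broadSids[$sid]
        } elseif ($sid -match '^S-1-5-21-.+-513$') {
            $name = 'Domain Users'      # domain SID followed by RID 513
        }
        if ($name) {
            [pscustomobject]@{ Path = $Path; Principal = $name; Sid = $sid
                               Rights = $rule.FileSystemRights
                               Inherited = $rule.IsInherited }
        }
    }
}

# Check the folder itself and every file beneath it.
$targets = @($InventoryPath) + @(Get-ChildItem -LiteralPath $InventoryPath -Recurse -File |
                                 Select-Object -ExpandProperty FullName)
$targets | ForEach-Object { Get-BroadReadAce -Path $_ } |
    Sort-Object Path, Principal | Format-Table -AutoSize
```

Any row in the output is a broad group that can read inventory data; restricting those entries to the accounts that need the files limits the exposure described above.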

RECOMMENDATION:

  • We strongly recommend you update Docusnap to version 14.0.303.24347 or later.

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/docusnap-for-windows-vulnerability/
