Description

An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and the IV from a fixed, hardcoded input by using a static salt value. As a result, identical plaintext inputs always produce identical ciphertext outputs. This is true for both FIPS and non-FIPS generated passwords. In other words, there is a cryptographic implementation flaw in the password encryption mechanism. Although there are multiple encryption methods grouped under FIPS and non-FIPS classifications, the logic consistently results in predictable and reversible encrypted outputs due to the lack of per-operation randomness and encryption authentication.

INFO

Published Date :

2025-07-16T00:00:00.000Z

Last Modified :

2025-11-24T15:25:43.122Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32874 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32874.

URL Resource
https://codykretsinger.com cve-icon cve-icon
https://galacticadvisors.com cve-icon cve-icon
https://www.galacticadvisors.com/release/critical-vulnerabilities-in-network-detective/ cve-icon cve-icon
https://www.galacticadvisors.com/release/cve/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact