
CVE-2025-7741: Low-Severity Vulnerability in CENTUM

A hardcoded password vulnerability has been identified in CENTUM, affecting specific versions. While the risk of critical operations being compromised is low, organizations should address this issue as part of their security protocols.

LOW · CVSS 2.1 · Published March 30, 2026


A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. This vulnerability allows an attacker to potentially log in as the PROG user under certain conditions.

The default permission for the PROG user is S1 (equivalent to OFFUSER). Therefore, where the targets of operation and monitoring have their permissions properly controlled, even if an attacker logs in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. However, if the PROG user's permissions have been altered from the default, operations or configuration changes may be possible under those modified permissions.

Exploiting this vulnerability requires the attacker to already have access to the HIS screen controls. An attacker in that position can therefore already operate and monitor the HIS, regardless of this vulnerability.

The affected products and versions include CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00, and R7.01.00. Organizations should be aware of this vulnerability and take necessary steps to mitigate the risks.

Vulnerability Details

The hardcoded password vulnerability in CENTUM is classified as a low severity issue, with a CVSS score of 2.1. The attack vector is local, and the attack complexity is high, requiring specific conditions to be met for exploitation.

The vulnerability is classified under CWE-259 (Use of Hard-coded Password). Organizations should review the configuration of their CENTUM installations, in particular the permissions assigned to the PROG user, to ensure they are not exposed to unnecessary risk.

Technical Analysis

The root cause of this vulnerability is the presence of hardcoded credentials within the CENTUM system. A hardcoded password cannot be rotated by the operator, so anyone who obtains it can use it against every affected installation.

The attack vector is local, meaning an attacker must already be able to interact with the system itself (at the console or through an existing remote session) rather than exploit it over the network. The attack complexity is high, as exploitation requires specific knowledge of and access to the HIS, along with the ability to perform screen operations.

No privileges are required to exploit this vulnerability, and user interaction is not necessary. The impacts on confidentiality and integrity are low, while availability is unaffected.

Risk & Impact Analysis

Risk to organizations includes the potential for unauthorized access under specific conditions. Given the low CVSS score and the nature of the permissions associated with the PROG user, the urgency for remediation is low, allowing organizations to address it in their routine maintenance cycles.

However, organizations should remain vigilant and ensure that they have properly configured access controls to minimize any risk associated with this vulnerability. The blast radius is limited due to the required conditions for exploitation.

Exploitation Status

Signal              Status
Known Exploit       No
Public PoC          No
Actively Exploited  No
Ransomware Use      No

Affected Versions

Affected versions include CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00, and R7.01.00. Organizations should ensure they are on the latest versions to mitigate this vulnerability.

Mitigation & Remediation

Organizations should apply available patches for CENTUM products to address this hardcoded password vulnerability. If immediate patching is not possible, implementing configuration hardening and ensuring robust access controls can help mitigate potential risks.

For further guidance, organizations may consider engaging in penetration testing to evaluate their security posture.

Detection Guidance

Organizations should monitor HIS and CENTUM logs for logins under the PROG account, failed authentication attempts, and operational anomalies that follow such logins. They should also periodically confirm that the PROG user's permission level has not been changed from the default S1, since an altered permission level is what turns this issue into a meaningful risk.
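As an added illustration of the two checks above (an example written for this page, not AppSecure's or Yokogawa's code), the script below flags every login attempt as the PROG user in an audit log and reports when PROG's permission level is anything other than the default S1. The log line format, station names and the permission table are constructed placeholders; real CENTUM and HIS logs and permission exports use their own formats.

```python
"""Added example: flag logins under the hard-coded PROG account and detect a
PROG privilege level that differs from the default S1. The log line format
and the permission table below are constructed for illustration only; real
CENTUM/HIS logs and permission exports use their own formats."""
import re

# Constructed log format: "<date> <time> <station> LOGIN user=<u> mode=<m> result=<r>"
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<station>\S+) LOGIN "
    r"user=(?P<user>\w+) mode=(?P<mode>\w+) result=(?P<result>\w+)$"
)
DEFAULT_PROG_LEVEL = "S1"  # default PROG permission per the advisory (equivalent to OFFUSER)

# Constructed sample audit lines (station names and user names are placeholders)
SAMPLE_LOG = """\
2026-03-30 08:01:12 HIS-A LOGIN user=OPER1 mode=Windows result=OK
2026-03-30 08:02:45 HIS-A LOGIN user=PROG mode=CENTUM result=OK
2026-03-30 08:03:01 HIS-B LOGIN user=PROG mode=CENTUM result=FAIL
2026-03-30 08:05:30 HIS-B LOGIN user=ENG1 mode=CENTUM result=OK
"""

def prog_logins(log_text):
    """Return (timestamp, station, result) for every login attempt as PROG."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m and m.group("user") == "PROG":
            hits.append((m.group("ts"), m.group("station"), m.group("result")))
    return hits

def prog_level_drift(perm_table):
    """Return PROG's level if it is not the default S1, else None.
    perm_table maps user name -> privilege level (constructed export)."""
    level = perm_table.get("PROG")
    if level is None or level == DEFAULT_PROG_LEVEL:
        return None
    return level

def assess(log_text, perm_table):
    """Combine both checks into one findings dict for an alerting pipeline."""
    return {"prog_logins": prog_logins(log_text),
            "prog_level_drift": prog_level_drift(perm_table)}

if __name__ == "__main__":
    findings = assess(SAMPLE_LOG, {"PROG": "ALTERED-LEVEL", "OPER1": "S1"})
    for ts, station, result in findings["prog_logins"]:
        print(f"PROG login on {station} at {ts}: {result}")
    if findings["prog_level_drift"]:
        print(f"PROG permission altered: {findings['prog_level_drift']}")
```

Every PROG login is worth an alert on its own, because on a correctly hardened system nobody should be using that account interactively.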

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the need for organizations and vendors to maintain secure credential management: a password embedded in shipped software is shared across every installation and cannot be rotated by the operator, which is what makes hardcoded credentials a recurring class of risk.

Security teams should learn from this incident and implement robust security measures to prevent similar vulnerabilities in their systems. Continuous evaluation and adaptation of security practices are essential.

For further exploration of security practices, organizations are encouraged to review our resources on vulnerability management and penetration testing methodologies to enhance their defensive strategies.

For a comprehensive overview of application security trends, organizations can refer to our insights on the state of application security.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
