CVE-2025-22492 MEDIUM

CVE-2025-22492: Insecure storage of connection strings in FRS

Vendor: Eaton
Product: Foreseer Reporting Software (FRS)
Weakness: CWE-922
Published: February 28, 2025
Last update: February 28, 2025

CVSS base score

6.3/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

The connection string is visible to users with access to the FRSCore database on the Foreseer Reporting Software (FRS) VM. This string can be used to gain administrative access to the 4crXref database. This vulnerability has been resolved in the latest version, 1.5.100, of FRS.

Key dates

02 Disclosure timeline

February 28, 2025: CVE published
February 28, 2025: Record updated