CVE-2025-54855 MEDIUM

CVE-2025-54855: AutomationDirect CLICK PLUS Cleartext Storage of Sensitive Information

Vendor Automationdirect
Product CLICK PLUS C0-0x CPU firmware
Weakness CWE-312 · Cleartext storage
Published September 23, 2025
Last update September 24, 2025

CVSS base score

4.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.

Key dates

02Disclosure timeline

September 23, 2025 CVE published
September 24, 2025 Record updated