CVE-2025-58742 HIGH

CVE-2025-58742: Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture

Vendor Milner
Product ImageDirector Capture
Weakness CWE-522 · Insufficiently protected credentials
Published January 20, 2026
Last update January 21, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.

Key dates

02Disclosure timeline

January 20, 2026 CVE published
January 21, 2026 Record updated