CVE-2025-61977 HIGH

CVE-2025-61977: AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

Vendor Automationdirect
Product Productivity Suite
Weakness CWE-640 · Weak password recovery
Published October 23, 2025
Last update October 24, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

Key dates

02Disclosure timeline

October 23, 2025 CVE published
October 24, 2025 Record updated