Vulnerability in Truesec Lapswebui

CVE-2025-15553

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

Affected products

Truesec Lapswebui — versions 0, 2.4

Weakness classification (CWE)

CWE-613 — Insufficient Session Expiration

References

labs.reversec.com/advisories/2026/03/insecure-logout-functionality-in-truesec-l…