Vulnerability in Truesec Lapswebui

CVE-2025-15554

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

Affected products

Truesec Lapswebui — versions 0, 2.4

Weakness classification (CWE)

CWE-525

References

labs.reversec.com/advisories/2026/03/admin-passwords-cached-by-browsers-in-true…