Insufficient Session Expiration

CVE-2025-15552

Medium

6/10

Summary

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-613 - Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References

Advisory Timeline

Published Mar 16, 2026

Insufficient Session Expiration

CVE-2025-15552

Summary

CWE-613 - Insufficient Session Expiration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS