CVE-2025-27926 – Nintex Automation K2 SmartForms Designer Unauthenticated Password Disclosure

March 11, 2025
1:16 am

CVE ID : CVE-2025-27926

Published : March 10, 2025, 11:15 p.m. | 1 hour, 23 minutes ago

Description : In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27926 – Nintex Automation K2 SmartForms Designer Unauthenticated Password Disclosure

Elvescore.io

Recent Posts

CVE-2025-27610 – Rack Static Path Traversal Vulnerability

CVE-2025-27924 – Nintex Automation Stored Cross-Site Scripting (XSS)

CVE-2025-27925 – Nintex Automation Deserialization Vulnerability

CVE-2025-27926 – Nintex Automation K2 SmartForms Designer Unauthenticated Password Disclosure

CVE-2025-1828 – Crypt::Random Perl package Cryptographically Weak Random Number Generation

CVE-2024-56191 – D-Link DHD Elevation of Privilege

CVE-2025-27926 – Nintex Automation K2 SmartForms Designer Unauthenticated Password Disclosure

CVE-2025-27926 – Nintex Automation K2 SmartForms Designer Unauthenticated Password Disclosure