📄 Description (English)
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.
🤖 AI Executive Summary
CVE-2025-58741 is a credential exposure vulnerability in Milner ImageDirector Capture (versions 7.0.9-7.6.3.25808) that allows attackers to retrieve stored credentials and gain unauthorized database access. With a CVSS score of 7.5, this high-severity issue poses significant risk to organizations using this document imaging solution. Immediate patching is critical as credentials stored in the application can be extracted, potentially leading to lateral movement and data breach.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 2, 2026 08:34
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in document-intensive sectors: Government agencies (Ministry of Interior, Ministry of Health, ARAMCO administrative divisions) using ImageDirector for document management; Banking sector (SAMA-regulated institutions) for loan documentation and compliance records; Healthcare providers managing patient records; and Telecom operators (STC, Mobily) for billing and customer documentation. The credential exposure could enable attackers to access sensitive government documents, financial records, and personal health information, with potential compliance violations under SAMA CSF and NCA ECC 2024.
🏢 Affected Saudi Sectors
Government
Banking
Healthcare
Energy
Telecommunications
Insurance
Legal Services
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Milner ImageDirector Capture running versions 7.0.9 through 7.6.3.25808 across your infrastructure
2. Isolate affected systems from production networks if possible, or implement network segmentation
3. Rotate all credentials stored within or accessed by ImageDirector Capture immediately
4. Review database access logs for unauthorized access attempts in the past 90 days
PATCHING GUIDANCE:
1. Upgrade to the latest patched version of ImageDirector Capture (7.6.4 or later) as provided by Milner
2. Test patches in a non-production environment first
3. Schedule maintenance windows for production deployment
4. Verify credential encryption post-patch
COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement database access controls and monitor for suspicious queries
2. Enable application-level logging and audit trails
3. Restrict network access to ImageDirector Capture to authorized users only
4. Deploy Web Application Firewall (WAF) rules to detect credential extraction attempts
5. Implement secrets management solution to replace hardcoded credentials
DETECTION RULES:
1. Monitor for unusual database connection attempts from ImageDirector service accounts
2. Alert on credential field access patterns outside normal operations
3. Track failed authentication attempts to ImageDirector database
4. Monitor for data exfiltration from document storage locations
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع حالات Milner ImageDirector Capture التي تعمل بالإصدارات 7.0.9 إلى 7.6.3.25808 عبر البنية التحتية
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن، أو تطبيق تقسيم الشبكة
3. تدوير جميع بيانات الاعتماد المخزنة في أو التي يمكن الوصول إليها بواسطة ImageDirector Capture فوراً
4. مراجعة سجلات الوصول إلى قاعدة البيانات للكشف عن محاولات الوصول غير المصرح به في آخر 90 يوماً
إرشادات التصحيح:
1. الترقية إلى أحدث إصدار معدل من ImageDirector Capture (7.6.4 أو أحدث) المقدم من Milner
2. اختبار التصحيحات في بيئة غير إنتاجية أولاً
3. جدولة نوافذ الصيانة لنشر الإنتاج
4. التحقق من تشفير بيانات الاعتماد بعد التصحيح
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تطبيق ضوابط الوصول إلى قاعدة البيانات ومراقبة الاستعلامات المريبة
2. تفعيل السجلات على مستوى التطبيق ومسارات التدقيق
3. تقييد الوصول إلى الشبكة إلى ImageDirector Capture للمستخدمين المصرح لهم فقط
4. نشر قواعد جدار الحماية لتطبيقات الويب (WAF) للكشف عن محاولات استخراج بيانات الاعتماد
5. تطبيق حل إدارة الأسرار لاستبدال بيانات الاعتماد المشفرة
قواعد الكشف:
1. مراقبة محاولات الاتصال غير العادية بقاعدة البيانات من حسابات خدمة ImageDirector
2. التنبيه على أنماط الوصول إلى حقول بيانات الاعتماد خارج العمليات العادية
3. تتبع محاولات المصادقة الفاشلة لقاعدة بيانات ImageDirector
4. مراقبة تسرب البيانات من مواقع تخزين المستندات
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Policies and procedures for access control
A.5.2.1 - User registration and access rights management
A.5.2.2 - Privilege access management
A.5.3.1 - Password management systems
A.8.2.1 - Classification of information assets
A.8.2.3 - Handling of assets
A.9.2.1 - User endpoint devices
A.9.4.3 - Access control to databases
🔵 SAMA CSF
ID.AM-2: Software platforms and applications are inventoried
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited
PR.AC-2: Physical access to assets is managed and protected
PR.AC-3: Remote access is managed
PR.AC-4: Access permissions and authorizations are managed
PR.AC-5: Network segmentation is managed
DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
DE.CM-1: The network is monitored to detect potential cybersecurity events
🟡 ISO 27001:2022
5.1.1 - Policies for information security
5.2.1 - Information security roles and responsibilities
6.1.1 - Processes to manage information security
6.2.1 - Information security risk assessment
8.1.1 - Processes to manage information security
8.2.1 - User endpoint devices
8.2.3 - Cryptography
8.3.1 - Cryptographic controls
A.5.1.1 - Access control policy
A.5.2.1 - User registration and access rights
A.5.2.2 - Privilege access management
A.5.3.1 - Password management
A.8.2.1 - Classification of information
A.9.2.1 - User endpoint devices
A.9.4.3 - Segregation of networks
🟣 PCI DSS v4.0.1
Requirement 2.1 - Default security parameters
Requirement 3.2.1 - Render PAN unreadable
Requirement 6.2 - Security patches
Requirement 7.1 - Limit access to system components
Requirement 8.1 - Assign unique ID to each person
Requirement 8.2.3 - Passwords encrypted during transmission
Requirement 8.2.4 - Change user passwords
Requirement 10.2.1 - Implement automated audit trails
🔗 References & Sources 1
📦 Affected Products / CPE 1 entries
milner:imagedirector_capture