CVE-2025-1868: A vulnerability in Famatech Corp’s Advanced IP Scanner and Advanced Port Scanner can inadvertently expose the NTLM hash of the user when performing a network scan. An attacker can exploit this by intercepting traffic to a legitimate server or by directing traffic to a fake server, in both local and remote scenarios and across HTTP/HTTPS and SMB protocols. The issue does not require user interaction or privileges.

Description Preview

This CVE describes unauthorized exposure of confidential information affecting two Famatech products: Advanced IP Scanner (versions 2.5.4594.1 and earlier) and Advanced Port Scanner (versions 2.5.3869 and earlier). During network scans, these applications may transmit the NTLM hash of the user performing the scan, which can be captured by an eavesdropper on the network or by connecting to a malicious server. The exposure is relevant for both HTTP/HTTPS and SMB protocols and can be exploited in local or remote network contexts. The vulnerability is currently unpatched, with the vendor (Famatech Corp) actively working on a fix. Severity metrics indicate a medium overall impact (CVSS v4.0 base score 6.9; confidentiality impact HIGH; attack vector LOCAL; no privileges required; no user interaction).

Overview

This vulnerability involves the unauthorized exposure of a user’s NTLM hash during network scans initiated by Famatech’s Advanced IP Scanner and Advanced Port Scanner. An attacker could observe or capture the hash by monitoring traffic to a legitimate server or by coordinating with a malicious server, affecting both HTTP/HTTPS and SMB communications in local or remote network contexts. The issue has not yet been fixed, and the vendor is actively developing a remedy.

Remediation

  • Monitor the vendor for a published patch or fixed version and apply the update as soon as it becomes available.
  • If a patch is not yet available, restrict scanning to trusted, isolated networks and avoid performing scans on untrusted or public networks.
  • Ensure communications are secured:
    • Prefer HTTPS for all web interfaces and ensure TLS is correctly configured.
    • Enable SMB signing and, where possible, SMB encryption to protect SMB traffic.
    • Where feasible, favor authentication methods that do not rely on NTLM (e.g., Kerberos) and enforce NTLMv2 while disabling NTLMv1.
  • Enforce network access controls:
    • Segment networks to limit exposure of scanning traffic.
    • Apply firewall rules to restrict scanning-related traffic to known, legitimate servers.
  • Deploy endpoint and network monitoring to detect and alert on suspected credential exposure (e.g., unusual NTLM-related traffic or hashes appearing on the network).
  • Consider temporarily using alternative, vendor-vetted scanning tools until a fix is released.
  • Validate remediation by testing in a controlled environment after applying patches or mitigations.
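
As an added example (not from the advisory or the vendor), a minimal detector for the monitoring step above: it parses NTLMSSP AUTHENTICATE messages taken from HTTP `Authorization: NTLM` headers and flags those sent to servers outside an allowlist or carrying an NTLMv1-sized response. The allowlist address, the event tuple format and the sample accounts are assumptions constructed for illustration; HTTPS must be inspected at a terminating proxy, and SMB is not covered.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
TRUSTED_SERVERS = {"10.0.5.10"}  # assumption: hosts allowed to receive NTLM auth

def _field(msg, pos):
    length, _, off = struct.unpack_from("<HHI", msg, pos)  # Len, MaxLen, BufferOffset
    return msg[off:off + length] if off + length <= len(msg) else b""

def parse_authenticate(header):
    """Return identity fields from an 'NTLM <base64>' AUTHENTICATE message, else None."""
    scheme, _, blob = header.strip().partition(" ")
    try:
        msg = base64.b64decode(blob, validate=True)
    except ValueError:
        return None
    if scheme.upper() != "NTLM" or len(msg) < 64 or not msg.startswith(SIG):
        return None
    if struct.unpack_from("<I", msg, 8)[0] != 3:  # 1=NEGOTIATE, 2=CHALLENGE
        return None
    enc = "utf-16-le" if struct.unpack_from("<I", msg, 60)[0] & 1 else "latin-1"
    nt_len = len(_field(msg, 20))  # NtChallengeResponse: 24 bytes means NTLMv1
    names = [_field(msg, p).decode(enc, "replace") for p in (28, 36, 44)]
    version = "NTLMv1" if nt_len == 24 else "NTLMv2" if nt_len > 24 else "none"
    return dict(zip(("domain", "user", "workstation"), names), version=version)

def flag_exposures(events):
    """events: (src_ip, dst_ip, Authorization header value) tuples from a proxy or sensor."""
    alerts = []
    for src, dst, header in events:
        info = parse_authenticate(header)
        if info is None:
            continue
        reasons = [r for r, hit in (("untrusted destination", dst not in TRUSTED_SERVERS),
                                    ("NTLMv1 response", info["version"] == "NTLMv1")) if hit]
        if reasons:
            alerts.append({"src": src, "dst": dst, "reasons": reasons, **info})
    return alerts

def build_sample(domain, user, workstation, nt_len):
    """Constructed AUTHENTICATE message with zero-filled responses (no real credentials)."""
    texts = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    parts = [b"\0" * 24, b"\0" * nt_len, *texts, b""]
    fields, off = b"", 64
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), off)
        off += len(p)
    msg = SIG + struct.pack("<I", 3) + fields + struct.pack("<I", 1) + b"".join(parts)
    return "NTLM " + base64.b64encode(msg).decode()
```

Feed `flag_exposures` the source, destination and header value from proxy or sensor logs for hosts that run the scanners; any alert for a destination outside the allowlist means an NTLM response left the trusted set of servers.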

References

  • INCIBE advisory on Famatech Corp products: https://www.incibe.es/en/incibe-cert/notices/aviso/information-display-multiple-products-famatech-corp
  • MITRE CVE entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1868
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-1868

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
