Insufficient Session Expiration Truesec LAPSWebUI <2.4
CVE-2025-15552 Published on March 16, 2026

Long Session Lifetime in Truesec LAPSWebUI
Insufficient Session Expiration in Truesecs LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

NVD

Weakness Type

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Affected Versions

Truesec LAPSWebUI:

Before 2.4 is affected.
Version 2.4 is unaffected.

Exploit Probability

EPSS

0.02%

Percentile

4.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Insufficient Session Expiration Truesec LAPSWebUI <2.4CVE-2025-15552 Published on March 16, 2026

Weakness Type

Insufficient Session Expiration

Affected Versions

Exploit Probability

Insufficient Session Expiration Truesec LAPSWebUI <2.4
CVE-2025-15552 Published on March 16, 2026