Back

Security advisory: CVE-2025-57796

Published: 2026-01-28

Summary

A third-party security advisory identified a vulnerability related to encryption of stored credentials and configuration data affecting certain versions of Explorance Blue. Explorance assessed the issue, implemented corrective measures, and resolved the issue. There is no evidence that this issue has been exploited in the wild.

Affected versions

Explorance Blue versions prior to 8.14.12. Versions 8.14.12 and later are not affected.

Deployment applicability

  • Explorance-hosted (SaaS): No customer action required.
  • Self-hosted: Affected if running a vulnerable version.

Impact

If exploited, this issue could have allowed unintended access or behavior within the application. This could have allowed recovery of stored user credentials and system configuration values by an attacker with database access. No customer data compromise has been identified.

Resolution

The issue has been resolved in Explorance Blue version 8.14.12. Credential storage was updated to remove the use of reversible encryption.

Customer action

  • SaaS customers: No action required.
  • Self-hosted customers: Upgrade to Explorance Blue version 8.14.12 or later.

Timeline

  • Issue reported: 2025-08-29
  • Patch released: 2025-09-30

References

Third-party CVE publication: https://www.cve.org/CVERecord?id=CVE-2025-57796

Support

Customers with questions or concerns should contact support@explorance.com.

Acknowledgment

Explorance thanks Abdulrahman Nour of Mandiant (Google Cloud) for responsibly reporting this vulnerability.

Copyright © 2026

Explorance Inc. All rights reserved.