CVE-2025-58426

4.3 MEDIUM

📋 TL;DR

This vulnerability in desknet's NEO software involves a hard-coded cryptographic key that could allow attackers to create malicious AppSuite applications. Organizations using affected versions of desknet's NEO are at risk, particularly those who allow custom AppSuite applications.

💻 Affected Systems

Products:
  • desknet's NEO
Versions: V4.0R1.0 to V9.0R2.0
Operating Systems: Windows Server (typically)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within the affected version range are vulnerable regardless of configuration. The vulnerability exists in the core software.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could create malicious AppSuite applications that appear legitimate, potentially leading to data theft, unauthorized access, or malware deployment within the organization's NEO environment.

🟠 Likely Case

Attackers could create unauthorized AppSuite applications that bypass normal security controls, potentially accessing sensitive data or functionality within the NEO system.

🟢 If Mitigated

With proper application whitelisting and network segmentation, the impact would be limited to the NEO environment only, preventing lateral movement to other systems.

🌐 Internet-Facing: MEDIUM - While the vulnerability itself doesn't directly expose internet-facing systems, malicious AppSuite applications could be distributed externally and then deployed internally.
🏢 Internal Only: HIGH - The vulnerability primarily affects internal NEO deployments where attackers could leverage the hard-coded key to create malicious applications within the organization's environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of the hard-coded key and ability to create AppSuite applications. Attackers would need some access to the NEO environment or ability to distribute malicious applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after V9.0R2.0

Vendor Advisory: https://www.desknets.com/neo/support/mainte/17475/

Restart Required: No

Instructions:

  1. Check current NEO version.
  2. Download and apply the latest patch from desknet's official website.
  3. Verify the update was successful.
  4. Review and audit existing AppSuite applications.

🔧 Temporary Workarounds

Application Whitelisting

all

Restrict AppSuite application deployment to only approved, verified applications from trusted sources.

Network Segmentation

all

Isolate NEO systems from critical network segments to limit potential lateral movement.

🧯 If You Can't Patch

  • Implement strict application control policies for AppSuite applications
  • Monitor for unauthorized application deployment and unusual AppSuite activity

🔍 How to Verify

Check if Vulnerable:

Check the NEO version in the administration console or system settings. If the version is between V4.0R1.0 and V9.0R2.0 inclusive, the system is vulnerable.

Check Version:

Check via NEO administration console or refer to system documentation for version checking procedures.

Verify Fix Applied:

Verify the NEO version is updated to a version after V9.0R2.0. Check that the patch installation was successful in the update logs.
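
The version check above, applied to a list of hosts, as an added example (not vendor code or a script from this page). It assumes version strings follow the V<major>.<minor>R<release>.<revision> pattern seen in the range on this page and that the four fields compare numerically; host names and sample versions are constructed.

```python
import re

# Affected range as stated on this page (inclusive on both ends).
FIRST_AFFECTED = "V4.0R1.0"
LAST_AFFECTED = "V9.0R2.0"

# Assumed format: V<major>.<minor>R<release>.<revision>, compared numerically.
_VERSION_RE = re.compile(r"^\s*V(\d+)\.(\d+)R(\d+)\.(\d+)\s*$", re.IGNORECASE)


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not in the assumed format."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'vulnerable', 'fixed', 'below-range' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        # Never report an unreadable version as safe; send it to manual review.
        return "unknown"
    if version < parse_version(FIRST_AFFECTED):
        # The page makes no statement about versions before V4.0R1.0.
        return "below-range"
    if version <= parse_version(LAST_AFFECTED):
        return "vulnerable"
    return "fixed"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample values.
    sample = {
        "neo-prod-01": "V9.0R2.0",             # upper bound, still affected
        "neo-test-01": "V9.0R2.1",             # first revision past the range
        "neo-legacy": "V3.5R1.2",              # earlier than the stated range
        "neo-dr-01": "9.0 (build unknown)",    # unparseable, needs manual check
        "neo-old-10": "V4.10R1.0",             # numeric compare: 4.10 > 4.2
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Comparing the fields as integers matters here: a plain string comparison would sort V4.10 before V4.2 and could misplace a host relative to the range boundaries.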

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized AppSuite application deployment
  • Unusual AppSuite application creation events
  • Failed application signature verification attempts

Network Indicators:

  • Unusual outbound connections from NEO servers
  • Suspicious file transfers related to AppSuite applications

SIEM Query:

source="neo_logs" AND (event="app_deployment" OR event="app_creation") AND user NOT IN [approved_users]
