What's Happening?
Researcher James Harrold discovered two vulnerabilities in Workhorse Software Services' accounting software used by 310 municipalities in Wisconsin. The flaws, CVE-2025-9037 and CVE-2025-9040, involve plaintext storage of SQL credentials and an unencrypted database backup feature, potentially exposing sensitive data like Social Security numbers and financial records. Workhorse has released patches and mitigations, emphasizing that customers are responsible for SQL authentication methods and that the backup feature is optional.
Why Is It Important?
The exposure of sensitive data through software vulnerabilities poses significant risks to municipal operations and citizen privacy. Such exposure can lead to identity theft, financial fraud, and compromised public trust. The incident highlights the need for robust cybersecurity practices and regular audits to ensure software security. Municipalities must prioritize data protection to safeguard against potential exploitation and maintain the integrity of their operations.