Two security flaws ( CVE-2025-5353 and CVE-2025-22455) allow local authenticated attackers to decrypt stored SQL credentials on systems running IWC version 10.19.0.0 and earlier.