CVE-2025-45764

Published: 06 Aug 2025
Source: redhat
CVSS3: 3.2
EPSS: Low

Description

jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

A flaw was found in jsrsasign. The library uses weak encryption algorithms, potentially resulting in sensitive data being vulnerable to decryption by an attacker with local access. This weakness allows a malicious actor to compromise confidentiality without requiring authentication or user interaction. It arises from the use of insufficiently strong cryptographic primitives.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Fix deferred | | |
| Migration Toolkit for Virtualization | mtv-candidate/mtv-console-plugin-rhel9 | Fix deferred | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-327
https://bugzilla.redhat.com/show_bug.cgi?id=2386919 jsrsasign: jsrsasign Weak Encryption Vulnerability

EPSS: 0.00008 (Low), percentile: 0%

CVSS3: 3.2 Low

Related vulnerabilities

CVSS3: 3.2
nvd
16 days ago

jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

CVSS3: 7
github
16 days ago

jsrsasign v11.1.0 was discovered to contain weak encryption.
