Common Weakness Enumeration
CWE-325
AllowedMissing Cryptographic Step
Abstraction: Base · Status: Draft
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
91 vulnerabilities reference this CWE, most recent first.
GHSA-WPH3-C8FM-Q2V8
Vulnerability from github – Published: 2026-04-02 09:30 – Updated: 2026-04-16 21:31
VLAI
Details
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-29142"
],
"database_specific": {
"cwe_ids": [
"CWE-325"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-02T09:16:22Z",
"severity": "MODERATE"
},
"details": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.",
"id": "GHSA-wph3-c8fm-q2v8",
"modified": "2026-04-16T21:31:10Z",
"published": "2026-04-02T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29142"
},
{
"type": "WEB",
"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-68: Subvert Code-signing Facilities
Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.