Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1123 vulnerabilities reference this CWE, most recent first.

CVE-2025-23364 (GCVE-0-2025-23364)

Vulnerability from cvelistv5 – Published: 2025-07-08 10:34 – Updated: 2025-07-08 16:11
VLAI
Summary
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Siemens TIA Administrator Affected: 0 , < V3.0.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23364",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T14:26:22.894853Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T16:11:54.563Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "TIA Administrator",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in TIA Administrator (All versions \u003c V3.0.6). The affected application improperly validates code signing certificates.\r\nThis could allow an attacker to bypass the check and exceute arbitrary code during installations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T10:34:28.904Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-573669.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-23364",
    "datePublished": "2025-07-08T10:34:28.904Z",
    "dateReserved": "2025-01-14T14:16:18.187Z",
    "dateUpdated": "2025-07-08T16:11:54.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-23206 (GCVE-0-2025-23206)

Vulnerability from cvelistv5 – Published: 2025-01-17 20:34 – Updated: 2026-01-23 15:12
VLAI
Title
IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk
Summary
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections' is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
aws aws-cdk Affected: < 2.177.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-17T20:59:53.170743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T20:59:59.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aws-cdk",
          "vendor": "aws",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.177.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag \u0027@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections\u0027 is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T15:12:34.946Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aws/aws-cdk/security/advisories/GHSA-v4mq-x674-ff73",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-v4mq-x674-ff73"
        },
        {
          "name": "https://github.com/aws/aws-cdk/issues/32920",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aws/aws-cdk/issues/32920"
        },
        {
          "name": "https://github.com/aws/aws-cdk/pull/32921",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aws/aws-cdk/pull/32921"
        },
        {
          "name": "https://github.com/aws/aws-cdk/commit/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e#diff-38a03353f201fd2e520df67fb43f9f000257bffd6e9acaa5569cce7005a77560",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aws/aws-cdk/commit/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e#diff-38a03353f201fd2e520df67fb43f9f000257bffd6e9acaa5569cce7005a77560"
        },
        {
          "name": "https://docs.aws.amazon.com/cdk/v2/guide/featureflags.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.aws.amazon.com/cdk/v2/guide/featureflags.html"
        },
        {
          "name": "https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.ts#L34",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.ts#L34"
        },
        {
          "name": "https://github.com/aws/aws-cdk/releases/tag/v2.177.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aws/aws-cdk/releases/tag/v2.177.0"
        }
      ],
      "source": {
        "advisory": "GHSA-v4mq-x674-ff73",
        "discovery": "UNKNOWN"
      },
      "title": "IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-23206",
    "datePublished": "2025-01-17T20:34:50.851Z",
    "dateReserved": "2025-01-13T17:15:41.050Z",
    "dateUpdated": "2026-01-23T15:12:34.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20248 (GCVE-0-2025-20248)

Vulnerability from cvelistv5 – Published: 2025-09-10 16:06 – Updated: 2026-02-26 17:48
VLAI
Title
Cisco IOS XR Software Image Verification Bypass Vulnerability
Summary
A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.29
Affected: 6.5.1
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.5.26
Affected: 6.6.11
Affected: 6.5.25
Affected: 6.5.28
Affected: 6.5.93
Affected: 6.6.12
Affected: 6.5.90
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.5.31
Affected: 6.8.1
Affected: 7.4.15
Affected: 6.5.32
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.6.15
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.3.4
Affected: 7.4.2
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 6.5.33
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 7.6.3
Affected: 24.1.1
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.4.1
Affected: 24.2.2
Affected: 7.8.23
Affected: 7.11.21
Affected: 24.2.20
Affected: 24.3.2
Affected: 24.4.10
Affected: 6.5.35
Affected: 24.4.15
Affected: 6.5.351
Affected: 6.5.352
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20248",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T03:56:26.903508Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:42.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "6.5.90"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.5.31"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.4.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            },
            {
              "status": "affected",
              "version": "24.4.10"
            },
            {
              "status": "affected",
              "version": "6.5.35"
            },
            {
              "status": "affected",
              "version": "24.4.15"
            },
            {
              "status": "affected",
              "version": "6.5.351"
            },
            {
              "status": "affected",
              "version": "6.5.352"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T16:06:49.860Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xrsig-UY4zRUCG",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrsig-UY4zRUCG"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xrsig-UY4zRUCG",
        "defects": [
          "CSCwm03455"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20248",
    "datePublished": "2025-09-10T16:06:49.860Z",
    "dateReserved": "2024-10-10T19:15:13.238Z",
    "dateUpdated": "2026-02-26T17:48:42.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20206 (GCVE-0-2025-20206)

Vulnerability from cvelistv5 – Published: 2025-03-05 16:14 – Updated: 2026-02-26 19:09
VLAI
Title
Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
Summary
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Client Affected: 4.9.00086
Affected: 4.9.01095
Affected: 4.9.02028
Affected: 4.9.03047
Affected: 4.9.03049
Affected: 4.9.04043
Affected: 4.9.04053
Affected: 4.9.05042
Affected: 4.9.06037
Affected: 4.10.00093
Affected: 4.10.01075
Affected: 4.10.02086
Affected: 4.10.03104
Affected: 4.10.04065
Affected: 4.10.04071
Affected: 4.10.05085
Affected: 4.10.05095
Affected: 5.0.00238
Affected: 4.10.05111
Affected: 5.0.00529
Affected: 5.0.00556
Affected: 4.10.06079
Affected: 5.0.01242
Affected: 4.10.06090
Affected: 5.0.02075
Affected: 4.10.07061
Affected: 5.0.03072
Affected: 4.10.07062
Affected: 5.0.03076
Affected: 5.0.04032
Affected: 4.10.07073
Affected: 5.0.05040
Affected: 5.1.0.136
Affected: 5.1.1.42
Affected: 4.10.08025
Affected: 5.1.2.42
Affected: 4.10.08029
Affected: 5.1.3.62
Affected: 5.1.4.74
Affected: 5.1.5.65
Affected: 5.1.6.103
Affected: 5.1.7.80
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-06T04:55:27.343309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:45.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            },
            {
              "status": "affected",
              "version": "5.0.04032"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "5.0.05040"
            },
            {
              "status": "affected",
              "version": "5.1.0.136"
            },
            {
              "status": "affected",
              "version": "5.1.1.42"
            },
            {
              "status": "affected",
              "version": "4.10.08025"
            },
            {
              "status": "affected",
              "version": "5.1.2.42"
            },
            {
              "status": "affected",
              "version": "4.10.08029"
            },
            {
              "status": "affected",
              "version": "5.1.3.62"
            },
            {
              "status": "affected",
              "version": "5.1.4.74"
            },
            {
              "status": "affected",
              "version": "5.1.5.65"
            },
            {
              "status": "affected",
              "version": "5.1.6.103"
            },
            {
              "status": "affected",
              "version": "5.1.7.80"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client.\r\n\r\nThis vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-05T16:14:00.258Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-secure-dll-injection-AOyzEqSg",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-dll-injection-AOyzEqSg"
        }
      ],
      "source": {
        "advisory": "cisco-sa-secure-dll-injection-AOyzEqSg",
        "defects": [
          "CSCwn03265"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20206",
    "datePublished": "2025-03-05T16:14:00.258Z",
    "dateReserved": "2024-10-10T19:15:13.230Z",
    "dateUpdated": "2026-02-26T19:09:45.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20181 (GCVE-0-2025-20181)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:35 – Updated: 2025-05-07 19:45
VLAI
Summary
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco IOS Affected: 15.0(1)XO1
Affected: 15.0(1)XO
Affected: 15.0(2)XO
Affected: 15.0(1)EY
Affected: 15.0(1)EY1
Affected: 15.0(1)EY2
Affected: 15.0(2)SE8
Affected: 15.0(1)EX
Affected: 15.0(2)EX
Affected: 15.0(2)EX1
Affected: 15.0(2)EX2
Affected: 15.0(2)EX3
Affected: 15.0(2)EX4
Affected: 15.0(2)EX5
Affected: 15.0(2)EX8
Affected: 15.0(2a)EX5
Affected: 15.0(2)EX10
Affected: 15.0(2)EX11
Affected: 15.0(2)EX13
Affected: 15.0(2)EX12
Affected: 15.2(2)E
Affected: 15.2(3)E
Affected: 15.2(2)E1
Affected: 15.2(4)E
Affected: 15.2(3)E1
Affected: 15.2(2)E2
Affected: 15.2(2a)E1
Affected: 15.2(2)E3
Affected: 15.2(2a)E2
Affected: 15.2(3)E2
Affected: 15.2(3a)E
Affected: 15.2(3)E3
Affected: 15.2(4)E1
Affected: 15.2(2)E4
Affected: 15.2(2)E5
Affected: 15.2(4)E2
Affected: 15.2(3)E4
Affected: 15.2(5)E
Affected: 15.2(4)E3
Affected: 15.2(2)E6
Affected: 15.2(5)E1
Affected: 15.2(5b)E
Affected: 15.2(2)E5a
Affected: 15.2(2)E5b
Affected: 15.2(4)E4
Affected: 15.2(2)E7
Affected: 15.2(5)E2
Affected: 15.2(6)E
Affected: 15.2(4)E5
Affected: 15.2(2)E8
Affected: 15.2(6)E0a
Affected: 15.2(6)E1
Affected: 15.2(6)E0c
Affected: 15.2(4)E6
Affected: 15.2(6)E2
Affected: 15.2(2)E9
Affected: 15.2(4)E7
Affected: 15.2(7)E
Affected: 15.2(2)E10
Affected: 15.2(4)E8
Affected: 15.2(6)E2a
Affected: 15.2(6)E2b
Affected: 15.2(7)E1
Affected: 15.2(7)E0a
Affected: 15.2(7)E0b
Affected: 15.2(7)E0s
Affected: 15.2(6)E3
Affected: 15.2(4)E9
Affected: 15.2(7)E2
Affected: 15.2(7a)E0b
Affected: 15.2(4)E10
Affected: 15.2(7)E3
Affected: 15.2(7)E1a
Affected: 15.2(7b)E0b
Affected: 15.2(7)E2a
Affected: 15.2(4)E10a
Affected: 15.2(7)E4
Affected: 15.2(7)E3k
Affected: 15.2(8)E
Affected: 15.2(8)E1
Affected: 15.2(7)E5
Affected: 15.2(7)E6
Affected: 15.2(8)E2
Affected: 15.2(4)E10d
Affected: 15.2(7)E7
Affected: 15.2(8)E3
Affected: 15.2(7)E8
Affected: 15.2(8)E4
Affected: 15.2(7)E9
Affected: 15.2(8)E5
Affected: 15.2(8)E6
Affected: 15.2(7)E10
Affected: 15.2(6)EB
Affected: 15.2(4)EA7
Affected: 15.2(4)EA8
Affected: 15.2(4)EA9
Affected: 15.2(4)EA9a
Affected: 15.0(2)SQD
Affected: 15.0(2)SQD1
Affected: 15.0(2)SQD2
Affected: 15.0(2)SQD3
Affected: 15.0(2)SQD4
Affected: 15.0(2)SQD5
Affected: 15.0(2)SQD6
Affected: 15.0(2)SQD7
Affected: 15.0(2)SQD8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T18:56:17.739877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:45:02.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "15.0(1)XO1"
            },
            {
              "status": "affected",
              "version": "15.0(1)XO"
            },
            {
              "status": "affected",
              "version": "15.0(2)XO"
            },
            {
              "status": "affected",
              "version": "15.0(1)EY"
            },
            {
              "status": "affected",
              "version": "15.0(1)EY1"
            },
            {
              "status": "affected",
              "version": "15.0(1)EY2"
            },
            {
              "status": "affected",
              "version": "15.0(2)SE8"
            },
            {
              "status": "affected",
              "version": "15.0(1)EX"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX1"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX2"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX3"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX4"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX5"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX8"
            },
            {
              "status": "affected",
              "version": "15.0(2a)EX5"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX10"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX11"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX13"
            },
            {
              "status": "affected",
              "version": "15.0(2)EX12"
            },
            {
              "status": "affected",
              "version": "15.2(2)E"
            },
            {
              "status": "affected",
              "version": "15.2(3)E"
            },
            {
              "status": "affected",
              "version": "15.2(2)E1"
            },
            {
              "status": "affected",
              "version": "15.2(4)E"
            },
            {
              "status": "affected",
              "version": "15.2(3)E1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E2"
            },
            {
              "status": "affected",
              "version": "15.2(2a)E1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E3"
            },
            {
              "status": "affected",
              "version": "15.2(2a)E2"
            },
            {
              "status": "affected",
              "version": "15.2(3)E2"
            },
            {
              "status": "affected",
              "version": "15.2(3a)E"
            },
            {
              "status": "affected",
              "version": "15.2(3)E3"
            },
            {
              "status": "affected",
              "version": "15.2(4)E1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E4"
            },
            {
              "status": "affected",
              "version": "15.2(2)E5"
            },
            {
              "status": "affected",
              "version": "15.2(4)E2"
            },
            {
              "status": "affected",
              "version": "15.2(3)E4"
            },
            {
              "status": "affected",
              "version": "15.2(5)E"
            },
            {
              "status": "affected",
              "version": "15.2(4)E3"
            },
            {
              "status": "affected",
              "version": "15.2(2)E6"
            },
            {
              "status": "affected",
              "version": "15.2(5)E1"
            },
            {
              "status": "affected",
              "version": "15.2(5b)E"
            },
            {
              "status": "affected",
              "version": "15.2(2)E5a"
            },
            {
              "status": "affected",
              "version": "15.2(2)E5b"
            },
            {
              "status": "affected",
              "version": "15.2(4)E4"
            },
            {
              "status": "affected",
              "version": "15.2(2)E7"
            },
            {
              "status": "affected",
              "version": "15.2(5)E2"
            },
            {
              "status": "affected",
              "version": "15.2(6)E"
            },
            {
              "status": "affected",
              "version": "15.2(4)E5"
            },
            {
              "status": "affected",
              "version": "15.2(2)E8"
            },
            {
              "status": "affected",
              "version": "15.2(6)E0a"
            },
            {
              "status": "affected",
              "version": "15.2(6)E1"
            },
            {
              "status": "affected",
              "version": "15.2(6)E0c"
            },
            {
              "status": "affected",
              "version": "15.2(4)E6"
            },
            {
              "status": "affected",
              "version": "15.2(6)E2"
            },
            {
              "status": "affected",
              "version": "15.2(2)E9"
            },
            {
              "status": "affected",
              "version": "15.2(4)E7"
            },
            {
              "status": "affected",
              "version": "15.2(7)E"
            },
            {
              "status": "affected",
              "version": "15.2(2)E10"
            },
            {
              "status": "affected",
              "version": "15.2(4)E8"
            },
            {
              "status": "affected",
              "version": "15.2(6)E2a"
            },
            {
              "status": "affected",
              "version": "15.2(6)E2b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E1"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0a"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0s"
            },
            {
              "status": "affected",
              "version": "15.2(6)E3"
            },
            {
              "status": "affected",
              "version": "15.2(4)E9"
            },
            {
              "status": "affected",
              "version": "15.2(7)E2"
            },
            {
              "status": "affected",
              "version": "15.2(7a)E0b"
            },
            {
              "status": "affected",
              "version": "15.2(4)E10"
            },
            {
              "status": "affected",
              "version": "15.2(7)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E1a"
            },
            {
              "status": "affected",
              "version": "15.2(7b)E0b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E2a"
            },
            {
              "status": "affected",
              "version": "15.2(4)E10a"
            },
            {
              "status": "affected",
              "version": "15.2(7)E4"
            },
            {
              "status": "affected",
              "version": "15.2(7)E3k"
            },
            {
              "status": "affected",
              "version": "15.2(8)E"
            },
            {
              "status": "affected",
              "version": "15.2(8)E1"
            },
            {
              "status": "affected",
              "version": "15.2(7)E5"
            },
            {
              "status": "affected",
              "version": "15.2(7)E6"
            },
            {
              "status": "affected",
              "version": "15.2(8)E2"
            },
            {
              "status": "affected",
              "version": "15.2(4)E10d"
            },
            {
              "status": "affected",
              "version": "15.2(7)E7"
            },
            {
              "status": "affected",
              "version": "15.2(8)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E8"
            },
            {
              "status": "affected",
              "version": "15.2(8)E4"
            },
            {
              "status": "affected",
              "version": "15.2(7)E9"
            },
            {
              "status": "affected",
              "version": "15.2(8)E5"
            },
            {
              "status": "affected",
              "version": "15.2(8)E6"
            },
            {
              "status": "affected",
              "version": "15.2(7)E10"
            },
            {
              "status": "affected",
              "version": "15.2(6)EB"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA7"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA8"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA9"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA9a"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD1"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD2"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD3"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD4"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD5"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD6"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD7"
            },
            {
              "status": "affected",
              "version": "15.0(2)SQD8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.\r\n\r This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time.\r\n\r Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "cvssV3_0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T17:35:31.850Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-c2960-3560-sboot-ZtqADrHq",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq"
        }
      ],
      "source": {
        "advisory": "cisco-sa-c2960-3560-sboot-ZtqADrHq",
        "defects": [
          "CSCvd75918"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20181",
    "datePublished": "2025-05-07T17:35:31.850Z",
    "dateReserved": "2024-10-10T19:15:13.225Z",
    "dateUpdated": "2025-05-07T19:45:02.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20178 (GCVE-0-2025-20178)

Vulnerability from cvelistv5 – Published: 2025-04-16 16:07 – Updated: 2026-02-26 18:28
VLAI
Title
Cisco Secure Network Analytics Privilege Escalation Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Network Analytics Affected: 7.5.0
Affected: 7.5.1
Affected: 7.5.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T03:55:25.373925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:13.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Network Analytics",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.\r\n\r\n\r\nThis vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T16:07:30.356Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sna-prvesc-4BQmK33Z",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-prvesc-4BQmK33Z"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sna-prvesc-4BQmK33Z",
        "defects": [
          "CSCwn51215"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Network Analytics Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20178",
    "datePublished": "2025-04-16T16:07:30.356Z",
    "dateReserved": "2024-10-10T19:15:13.225Z",
    "dateUpdated": "2026-02-26T18:28:13.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20143 (GCVE-0-2025-20143)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2026-02-26 19:09
VLAI
Title
Cisco IOS XR Software Secure Boot Bypass Vulnerability
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.6.11
Affected: 6.5.93
Affected: 6.6.12
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.8.1
Affected: 7.4.15
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.6.15
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.4.2
Affected: 7.3.4
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.3.6
Affected: 7.8.23
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:22.156936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:35.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:31.135Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sb-lkm-zNErZjbZ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sb-lkm-zNErZjbZ",
        "defects": [
          "CSCvx66790"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Secure Boot Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20143",
    "datePublished": "2025-03-12T16:12:31.135Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2026-02-26T19:09:35.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15598 (GCVE-0-2025-15598)

Vulnerability from cvelistv5 – Published: 2026-03-03 09:32 – Updated: 2026-03-03 14:33
VLAI
Title
Dataease SQLBot JWT Token auth.py validateEmbedded signature verification
Summary
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
  • CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
URL Tags
https://vuldb.com/?id.348292 vdb-entrytechnical-description
https://vuldb.com/?ctiid.348292 signaturepermissions-required
https://vuldb.com/?submit.707291 third-party-advisory
https://github.com/yaowenxiao721/Poc/blob/main/SQ… exploit
Impacted products
Vendor Product Version
Dataease SQLBot Affected: 1.5.0
Affected: 1.5.1
Create a notification for this product.
Credits
yaowenxiao (VulDB User) VulDB
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15598",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-03T14:32:57.384778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T14:33:05.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "JWT Token Handler"
          ],
          "product": "SQLBot",
          "vendor": "Dataease",
          "versions": [
            {
              "status": "affected",
              "version": "1.5.0"
            },
            {
              "status": "affected",
              "version": "1.5.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yaowenxiao (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T09:32:06.880Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-348292 | Dataease SQLBot JWT Token auth.py validateEmbedded signature verification",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.348292"
        },
        {
          "name": "VDB-348292 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.348292"
        },
        {
          "name": "Submit #707291 | FIT2CLOUD SQLBot 1.3.0 Improper Verification of Cryptographic Signature",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.707291"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-01T07:37:05.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Dataease SQLBot JWT Token auth.py validateEmbedded signature verification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15598",
    "datePublished": "2026-03-03T09:32:06.880Z",
    "dateReserved": "2026-03-01T06:30:48.792Z",
    "dateUpdated": "2026-03-03T14:33:05.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15469 (GCVE-0-2025-15469)

Vulnerability from cvelistv5 – Published: 2026-01-27 16:01 – Updated: 2026-01-29 14:54
VLAI
Title
'openssl dgst' one-shot codepath silently truncates inputs >16MB
Summary
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected. The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
OpenSSL OpenSSL Affected: 3.6.0 , < 3.6.1 (semver)
Affected: 3.5.0 , < 3.5.5 (semver)
Create a notification for this product.
Date Public
2026-01-27 14:00
Credits
Stanislav Fort (Aisle Research) Viktor Dukhovni
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-15469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T14:54:00.486808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T14:54:35.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.1",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.5",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2026-01-27T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The \u0027openssl dgst\u0027 command-line tool silently truncates input\u003cbr\u003edata to 16MB when using one-shot signing algorithms and reports success instead\u003cbr\u003eof an error.\u003cbr\u003e\u003cbr\u003eImpact summary: A user signing or verifying files larger than 16MB with\u003cbr\u003eone-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\u003cbr\u003efile is authenticated while trailing data beyond 16MB remains unauthenticated.\u003cbr\u003e\u003cbr\u003eWhen the \u0027openssl dgst\u0027 command is used with algorithms that only support\u003cbr\u003eone-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\u003cbr\u003eis buffered with a 16MB limit. If the input exceeds this limit, the tool\u003cbr\u003esilently truncates to the first 16MB and continues without signaling an error,\u003cbr\u003econtrary to what the documentation states. This creates an integrity gap where\u003cbr\u003etrailing bytes can be modified without detection if both signing and\u003cbr\u003everification are performed using the same affected codepath.\u003cbr\u003e\u003cbr\u003eThe issue affects only the command-line tool behavior. Verifiers that process\u003cbr\u003ethe full message using library APIs will reject the signature, so the risk\u003cbr\u003eprimarily affects workflows that both sign and verify with the affected\u003cbr\u003e\u0027openssl dgst\u0027 command. Streaming digest algorithms for \u0027openssl dgst\u0027 and\u003cbr\u003elibrary users are unaffected.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\u003cbr\u003ecommand-line tools are outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.5 and 3.6 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue."
            }
          ],
          "value": "Issue summary: The \u0027openssl dgst\u0027 command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the \u0027openssl dgst\u0027 command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n\u0027openssl dgst\u0027 command. Streaming digest algorithms for \u0027openssl dgst\u0027 and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T16:01:21.597Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260127.txt"
        },
        {
          "name": "3.6.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f"
        },
        {
          "name": "3.5.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "\u0027openssl dgst\u0027 one-shot codepath silently truncates inputs \u003e16MB",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2025-15469",
    "datePublished": "2026-01-27T16:01:21.597Z",
    "dateReserved": "2026-01-06T09:27:22.586Z",
    "dateUpdated": "2026-01-29T14:54:35.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13662 (GCVE-0-2025-13662)

Vulnerability from cvelistv5 – Published: 2025-12-09 16:05 – Updated: 2026-02-26 16:57
VLAI
Summary
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Ivanti Endpoint Manager Unaffected: 2024 SU4 SR1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13662",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-10T04:57:21.387777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:57:03.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Endpoint Manager",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "2024 SU4 SR1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required."
            }
          ],
          "value": "Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T16:05:31.059Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-13662",
    "datePublished": "2025-12-09T16:05:31.059Z",
    "dateReserved": "2025-11-25T16:15:33.366Z",
    "dateUpdated": "2026-02-26T16:57:03.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.