Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1127 vulnerabilities reference this CWE, most recent first.

CVE-2025-59288 (GCVE-0-2025-59288)

Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:24
VLAI
Title
Playwright Spoofing Vulnerability
Summary
Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
Microsoft microsoft/playwright Affected: 1.0.0 , < 1.55.1 (custom)
Create a notification for this product.
Date Public
2025-10-14 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T19:44:47.035551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T19:44:54.873Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "microsoft/playwright",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.55.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:playwright:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.55.1",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-10-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-22T17:24:58.049Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Playwright Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59288"
        }
      ],
      "title": "Playwright Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-59288",
    "datePublished": "2025-10-14T17:00:49.154Z",
    "dateReserved": "2025-09-11T19:36:03.690Z",
    "dateUpdated": "2026-02-22T17:24:58.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58356 (GCVE-0-2025-58356)

Vulnerability from cvelistv5 – Published: 2025-10-27 19:33 – Updated: 2025-11-28 14:45
VLAI
Title
Constellation allows insecure use of LUKS2 persistent storage partitions
Summary
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passhrase. If the VM is successful in opening the partition with the disk encryption key, it treats the volume as confidential. However, due to the unsafe handling of null keyslot algorithms in the cryptsetup 2.8.1, it is possible that the opened volume is not encrypted at all. Cryptsetup prior to version 2.8.1 does not report an error when processing LUKS2-formatted disks that use the cipher_null-ecb algorithm in the keyslot encryption field. This vulnerability is fixed in 2.24.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
edgelesssys constellation Affected: < 2.24.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-27T19:44:26.781817Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-27T19:44:45.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-28T14:45:46.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "constellation",
          "vendor": "edgelesssys",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.24.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passhrase. If the VM is successful in opening the partition with the disk encryption key, it treats the volume as confidential. However, due to the unsafe handling of null keyslot algorithms in the cryptsetup 2.8.1, it is possible that the opened volume is not encrypted at all. Cryptsetup prior to version 2.8.1 does not report an error when processing LUKS2-formatted disks that use the cipher_null-ecb algorithm in the keyslot encryption field. This vulnerability is fixed in 2.24.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-27T19:33:23.969Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/edgelesssys/constellation/security/advisories/GHSA-hq76-6gh2-5g4q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/edgelesssys/constellation/security/advisories/GHSA-hq76-6gh2-5g4q"
        },
        {
          "name": "https://github.com/edgelesssys/constellation/pull/3927",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/edgelesssys/constellation/pull/3927"
        },
        {
          "name": "https://github.com/edgelesssys/constellation/releases/tag/v2.24.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/edgelesssys/constellation/releases/tag/v2.24.0"
        }
      ],
      "source": {
        "advisory": "GHSA-hq76-6gh2-5g4q",
        "discovery": "UNKNOWN"
      },
      "title": "Constellation allows insecure use of LUKS2 persistent storage partitions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58356",
    "datePublished": "2025-10-27T19:33:23.969Z",
    "dateReserved": "2025-08-29T16:19:59.010Z",
    "dateUpdated": "2025-11-28T14:45:46.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57801 (GCVE-0-2025-57801)

Vulnerability from cvelistv5 – Published: 2025-08-22 19:54 – Updated: 2025-08-22 20:06
VLAI
Title
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks
Summary
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending. This issue has been addressed in version 0.14.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
Consensys gnark Affected: < 0.14.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57801",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T20:05:45.827084Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-22T20:06:00.913Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gnark",
          "vendor": "Consensys",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 \u2264 S \u003c order, leading to a signature malleability vulnerability. Because gnark\u2019s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending. This issue has been addressed in version 0.14.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T19:54:05.854Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Consensys/gnark/security/advisories/GHSA-95v9-hv42-pwrj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-95v9-hv42-pwrj"
        },
        {
          "name": "https://github.com/Consensys/gnark/commit/0ba6730f05537a351517998add89a61a0d82716e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Consensys/gnark/commit/0ba6730f05537a351517998add89a61a0d82716e"
        }
      ],
      "source": {
        "advisory": "GHSA-95v9-hv42-pwrj",
        "discovery": "UNKNOWN"
      },
      "title": "gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57801",
    "datePublished": "2025-08-22T19:54:05.854Z",
    "dateReserved": "2025-08-20T14:30:35.009Z",
    "dateUpdated": "2025-08-22T20:06:00.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55278 (GCVE-0-2025-55278)

Vulnerability from cvelistv5 – Published: 2025-11-05 22:44 – Updated: 2025-11-06 21:20
VLAI
Title
HCL DevOps Loop is susceptible to an improper authentication vulnerability
Summary
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
HCL
Impacted products
Date Public
2025-11-05 18:17
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T21:20:45.629738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T21:20:55.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DevOps Loop",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.2"
            }
          ]
        }
      ],
      "datePublic": "2025-11-05T18:17:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature.  As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges."
            }
          ],
          "value": "Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature.  As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-05T22:44:17.256Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124203"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL DevOps Loop is susceptible to an improper authentication vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2025-55278",
    "datePublished": "2025-11-05T22:44:17.256Z",
    "dateReserved": "2025-08-12T07:00:17.743Z",
    "dateUpdated": "2025-11-06T21:20:55.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-55229 (GCVE-0-2025-55229)

Vulnerability from cvelistv5 – Published: 2025-08-21 19:50 – Updated: 2026-02-13 18:55
VLAI
Title
Windows Certificate Spoofing Vulnerability
Summary
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.21014 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.8066 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.7314 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19044.0 , < 10.0.19044.5854 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.5854 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22621.5335 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H3 Affected: 10.0.22631.0 , < 10.0.22631.5335 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 23H2 Affected: 10.0.22631.0 , < 10.0.22631.5335 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 24H2 Affected: 10.0.26100.0 , < 10.0.26100.4061 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.8066 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.8066 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.7314 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.7314 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.3692 (custom)
Create a notification for this product.
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) Affected: 10.0.25398.0 , < 10.0.25398.1611 (custom)
Create a notification for this product.
Microsoft Windows Server 2025 Affected: 10.0.26100.0 , < 10.0.26100.4061 (custom)
Create a notification for this product.
Microsoft Windows Server 2025 (Server Core installation) Affected: 10.0.26100.0 , < 10.0.26100.4061 (custom)
Create a notification for this product.
Date Public
2025-08-21 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55229",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T15:48:05.595238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-22T15:48:11.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.21014",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8066",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.7314",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.5854",
              "status": "affected",
              "version": "10.0.19044.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.5854",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.5335",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5335",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5335",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.4061",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8066",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8066",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.7314",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.7314",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.3692",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.1611",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.4061",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.4061",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.7314",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.7314",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.7314",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.3692",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.5854",
                  "versionStartIncluding": "10.0.19044.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.5335",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.5854",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.4061",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.5335",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.5335",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.1611",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.4061",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.4061",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.21014",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.8066",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.8066",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.8066",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-08-21T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T18:55:01.330Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Certificate Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229"
        }
      ],
      "title": "Windows Certificate Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-55229",
    "datePublished": "2025-08-21T19:50:40.421Z",
    "dateReserved": "2025-08-11T20:26:16.631Z",
    "dateUpdated": "2026-02-13T18:55:01.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-55039 (GCVE-0-2025-55039)

Vulnerability from cvelistv5 – Published: 2025-10-15 07:19 – Updated: 2025-11-04 21:13
VLAI
Title
Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
Summary
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication. This vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows. To mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or enable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
  • CWE-326 - Inadequate Encryption Strength
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Spark Affected: 3.5.0 , < 3.5.2 (semver)
Affected: 0 , < 3.4.4 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-55039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T19:33:07.860034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T19:33:31.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:00.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/14/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.spark:spark-network-common_2.13",
          "product": "Apache Spark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.5.2",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.spark:spark-network-common_2.12",
          "product": "Apache Spark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.5.2",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue affects Apache Spark versions before  3.4.4,\u0026nbsp;3.5.2 and 4.0.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003eApache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.\u003cp\u003e\u003c/p\u003e\u003cp\u003eWhen \u003ccode\u003espark.network.crypto.enabled\u003c/code\u003e is set to true (it is set to false by default), but \u003ccode\u003espark.network.crypto.cipher\u003c/code\u003e is not explicitly configured, Spark defaults to AES in CTR mode (\u003ccode\u003eAES/CTR/NoPadding\u003c/code\u003e), which provides encryption without authentication.\u003c/p\u003e\u003cp\u003eThis vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTo mitigate this issue, users should either configure \u003ccode\u003espark.network.crypto.cipher\u003c/code\u003e to \u003ccode\u003eAES/GCM/NoPadding\u003c/code\u003e to enable authenticated encryption or\u003c/p\u003e\u003cp\u003eenable SSL encryption by setting \u003ccode\u003espark.ssl.enabled\u003c/code\u003e to true, which provides stronger transport security.\u003c/p\u003e"
            }
          ],
          "value": "This issue affects Apache Spark versions before  3.4.4,\u00a03.5.2 and 4.0.0.\n\n\n\nApache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.\n\nWhen spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.\n\nThis vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.\n\n\nTo mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or\n\nenable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326 Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T07:19:25.493Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-55039",
    "datePublished": "2025-10-15T07:19:25.493Z",
    "dateReserved": "2025-08-06T00:27:38.654Z",
    "dateUpdated": "2025-11-04T21:13:00.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54982 (GCVE-0-2025-54982)

Vulnerability from cvelistv5 – Published: 2025-08-05 05:36 – Updated: 2026-02-26 17:49
VLAI
Title
SAML 2.0 Public Key Validation Issue
Summary
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Zscaler Authentication Server Affected: 0 , < 6.2r (custom)
Create a notification for this product.
Credits
Richard Warren, AmberWolf
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-19T03:55:32.996098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:58.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Authentication Server",
          "vendor": "Zscaler",
          "versions": [
            {
              "lessThan": "6.2r",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Richard Warren, AmberWolf"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper verification of cryptographic signature in Zscaler\u0027s SAML authentication mechanism on the server-side allowed an authentication abuse.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "An improper verification of cryptographic signature in Zscaler\u0027s SAML authentication mechanism on the server-side allowed an authentication abuse."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-05T05:36:06.752Z",
        "orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
        "shortName": "Zscaler"
      },
      "references": [
        {
          "url": "https://help.zscaler.com/zia/about-identity-providers"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SAML 2.0 Public Key Validation Issue",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
    "assignerShortName": "Zscaler",
    "cveId": "CVE-2025-54982",
    "datePublished": "2025-08-05T05:36:06.752Z",
    "dateReserved": "2025-08-04T14:51:53.367Z",
    "dateUpdated": "2026-02-26T17:49:58.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54549 (GCVE-0-2025-54549)

Vulnerability from cvelistv5 – Published: 2025-10-29 22:55 – Updated: 2025-10-30 14:12
VLAI
Title
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
Summary
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Arista Networks DANZ Monitoring Fabric Affected: 0 (custom)
Affected: 0 , ≤ DMF 8.6.1 (custom)
Affected: 0 , ≤ DMF 8.5.2 (custom)
Affected: 0 , ≤ CCF 6.2.4 (custom)
Affected: 0 , ≤ CVA 7.0 (custom)
Affected: 0 , ≤ MCD 2.4.0 (custom)
Create a notification for this product.
Date Public
2025-10-22 15:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54549",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T14:12:50.353170Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-30T14:12:59.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "DCA-350E-CV",
            "DCA-300-CV",
            "DCA-250-CV",
            "DCA-200-CV",
            "Arista Converged Cloud Fabric",
            "Arista DANZ Monitoring Fabric",
            "Arista Multi-Cloud Director"
          ],
          "product": "DANZ Monitoring Fabric",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "DMF 8.6.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "DMF 8.5.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "CCF 6.2.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "CVA 7.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "MCD 2.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe operator must attempt to install a tampered software upgrade image.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The operator must attempt to install a tampered software upgrade image."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.6.1",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
                  "versionEndIncluding": "dmf_8.5.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
                  "versionEndIncluding": "ccf_6.2.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
                  "versionEndIncluding": "cva_7.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
                  "versionEndIncluding": "mcd_2.4.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2025-10-22T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-186",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-186 Malicious Software Update"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T22:55:54.433Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n  *  DMF 8.7.1 and later releases in the 8.7.x train\n  *  DMF 8.6.2 and later releases in the 8.6.x train\n  *  DMF 8.5.3 and later releases in the 8.5.x train\n  *  DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n  *  CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n  *  CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n  *  MCD 2.4.1 and later releases in the 2.4.x train"
        }
      ],
      "source": {
        "advisory": "124",
        "defect": [
          "BUG1121566",
          "BSC-20815"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA downloaded upgrade image can be manually checked against the hash values published on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/software-download\"\u003earista.com\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf the published hash values do not match those of the image this is a potential indicator of compromise.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A downloaded upgrade image can be manually checked against the hash values published on  arista.com https://www.arista.com/support/software-download .\nIf the published hash values do not match those of the image this is a potential indicator of compromise."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2025-54549",
    "datePublished": "2025-10-29T22:55:54.433Z",
    "dateReserved": "2025-07-24T18:47:24.387Z",
    "dateUpdated": "2025-10-30T14:12:59.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54419 (GCVE-0-2025-54419)

Vulnerability from cvelistv5 – Published: 2025-07-28 19:47 – Updated: 2025-07-28 20:39
VLAI
Title
Node-SAML Contains SAML Signature Verification Vulnerability
Summary
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document from the identity provider (IdP). This is fixed in version 5.1.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
node-saml node-saml Affected: = 5.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54419",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T20:22:05.293397Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T20:22:19.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-saml",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "= 5.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document from the identity provider (IdP). This is fixed in version 5.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T20:39:07.897Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3"
        },
        {
          "name": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10"
        },
        {
          "name": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0"
        }
      ],
      "source": {
        "advisory": "GHSA-4mxg-3p6v-xgq3",
        "discovery": "UNKNOWN"
      },
      "title": "Node-SAML Contains SAML Signature Verification Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54419",
    "datePublished": "2025-07-28T19:47:46.584Z",
    "dateReserved": "2025-07-21T23:18:10.281Z",
    "dateUpdated": "2025-07-28T20:39:07.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54369 (GCVE-0-2025-54369)

Vulnerability from cvelistv5 – Published: 2025-12-12 23:03 – Updated: 2026-05-07 20:46
VLAI
Title
Node-SAML SAML Authentication Bypass
Summary
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-87 - Improper Neutralization of Alternate XSS Syntax
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
node-saml node-saml Affected: < 5.1.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T14:55:48.902160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T14:56:46.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-saml",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-87",
              "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T20:46:21.508Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7"
        },
        {
          "name": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10"
        },
        {
          "name": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0"
        }
      ],
      "source": {
        "advisory": "GHSA-m837-g268-mmv7",
        "discovery": "UNKNOWN"
      },
      "title": "Node-SAML SAML Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54369",
    "datePublished": "2025-12-12T23:03:52.427Z",
    "dateReserved": "2025-07-21T16:12:20.732Z",
    "dateUpdated": "2026-05-07T20:46:21.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.