CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1127 vulnerabilities reference this CWE, most recent first.
CVE-2025-52556 (GCVE-0-2025-52556)
Vulnerability from cvelistv5 – Published: 2025-06-21 01:33 – Updated: 2025-06-23 15:13- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/trailofbits/rfc3161-client/sec… | x_refsource_CONFIRM |
| https://github.com/trailofbits/rfc3161-client/com… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| trailofbits | rfc3161-client |
Affected:
< 1.0.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T15:13:25.593940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T15:13:49.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rfc3161-client",
"vendor": "trailofbits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR\u0027s embedded certificates up to the trusted root(s), but fails to verify the TSR\u0027s own signature against the timestamping leaf certificates. Consequently, vulnerable versions perform insufficient signature validation to properly consider a TSR verified, as the attacker can introduce any TSR signature so long as the embedded leaf chains up to some root TSA. This issue has been patched in version 1.0.3. There is no workaround for this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T01:33:18.829Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-6qhv-4h7r-2g9m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-6qhv-4h7r-2g9m"
},
{
"name": "https://github.com/trailofbits/rfc3161-client/commit/724a184f953e3f171f85cb223871172b41b0d0dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/trailofbits/rfc3161-client/commit/724a184f953e3f171f85cb223871172b41b0d0dc"
}
],
"source": {
"advisory": "GHSA-6qhv-4h7r-2g9m",
"discovery": "UNKNOWN"
},
"title": "rfc3161-client has insufficient verification for timestamp response signatures"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52556",
"datePublished": "2025-06-21T01:33:18.829Z",
"dateReserved": "2025-06-18T03:55:52.035Z",
"dateUpdated": "2025-06-23T15:13:49.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52550 (GCVE-0-2025-52550)
Vulnerability from cvelistv5 – Published: 2025-09-02 11:26 – Updated: 2025-09-02 13:40- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| Copeland LP | E3 Supervisory Control |
Affected:
0 , < 2.31F01
(firmware)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:40:36.613610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:40:43.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "E3 Supervisory Control",
"vendor": "Copeland LP",
"versions": [
{
"lessThan": "2.31F01",
"status": "affected",
"version": "0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armis Labs"
}
],
"datePublic": "2025-07-29T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "E3 Site Supervisor Control (firmware version \u0026lt; 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.\u003cbr\u003e"
}
],
"value": "E3 Site Supervisor Control (firmware version \u003c 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T11:26:35.207Z",
"orgId": "dd59f033-460c-4b88-a075-d4d3fedb6191",
"shortName": "Armis"
},
"references": [
{
"url": "https://www.armis.com/research/frostbyte10/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade firmware of affected E3 Supervisory Controls to a version \u0026gt; 2.30F1.\u003cbr\u003e"
}
],
"value": "Upgrade firmware of affected E3 Supervisory Controls to a version \u003e 2.30F1."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Firmware upgrade packages are unsigned",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."
}
],
"value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd59f033-460c-4b88-a075-d4d3fedb6191",
"assignerShortName": "Armis",
"cveId": "CVE-2025-52550",
"datePublished": "2025-09-02T11:26:35.207Z",
"dateReserved": "2025-06-17T17:29:21.842Z",
"dateUpdated": "2025-09-02T13:40:43.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47949 (GCVE-0-2025-47949)
Vulnerability from cvelistv5 – Published: 2025-05-19 19:28 – Updated: 2025-05-20 13:00- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/tngan/samlify/security/advisor… | x_refsource_CONFIRM |
| https://github.com/tngan/samlify/commit/115679acd… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:00:34.492461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:00:40.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "samlify",
"vendor": "tngan",
"versions": [
{
"status": "affected",
"version": "\u003c 2.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T19:28:45.476Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tngan/samlify/security/advisories/GHSA-r683-v43c-6xqv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tngan/samlify/security/advisories/GHSA-r683-v43c-6xqv"
},
{
"name": "https://github.com/tngan/samlify/commit/115679acd89f0a37ea3ebd8fff7db54fca3e8af3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tngan/samlify/commit/115679acd89f0a37ea3ebd8fff7db54fca3e8af3"
}
],
"source": {
"advisory": "GHSA-r683-v43c-6xqv",
"discovery": "UNKNOWN"
},
"title": "samlify SAML Signature Wrapping attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47949",
"datePublished": "2025-05-19T19:28:45.476Z",
"dateReserved": "2025-05-14T10:32:43.530Z",
"dateUpdated": "2025-05-20T13:00:40.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47934 (GCVE-0-2025-47934)
Vulnerability from cvelistv5 – Published: 2025-05-19 18:57 – Updated: 2025-05-20 13:02- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/openpgpjs/openpgpjs/security/a… | x_refsource_CONFIRM |
| https://github.com/openpgpjs/openpgpjs/commit/43f… | x_refsource_MISC |
| https://github.com/openpgpjs/openpgpjs/commit/bd5… | x_refsource_MISC |
| https://github.com/openpgpjs/openpgpjs/releases/t… | x_refsource_MISC |
| https://github.com/openpgpjs/openpgpjs/releases/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:02:53.093390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:02:58.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openpgpjs",
"vendor": "openpgpjs",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.1, \u003c 5.11.3"
},
{
"status": "affected",
"version": "\u003e= 6.0.0-alpha.0, \u003c 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker\u0027s choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker\u0027s choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T18:57:05.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"
}
],
"source": {
"advisory": "GHSA-8qff-qr5q-5pr8",
"discovery": "UNKNOWN"
},
"title": "OpenPGP.js\u0027s message signature verification can be spoofed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47934",
"datePublished": "2025-05-19T18:57:05.602Z",
"dateReserved": "2025-05-14T10:32:43.529Z",
"dateUpdated": "2025-05-20T13:02:58.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46774 (GCVE-0-2025-46774)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-26 17:47- CWE-347 - Escalation of privilege
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientMac |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:56:20.193267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:32.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:17:59.755Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-46774",
"datePublished": "2025-10-14T15:23:47.725Z",
"dateReserved": "2025-04-29T08:42:13.449Z",
"dateUpdated": "2026-02-26T17:47:32.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43903 (GCVE-0-2025-43903)
Vulnerability from cvelistv5 – Published: 2025-04-18 00:00 – Updated: 2025-04-21 02:51- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | Poppler |
Affected:
0 , < 25.04.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T02:50:50.020749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T02:51:02.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poppler",
"vendor": "freedesktop",
"versions": [
{
"lessThan": "25.04.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.04.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T21:08:57.632Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43903",
"datePublished": "2025-04-18T00:00:00.000Z",
"dateReserved": "2025-04-18T00:00:00.000Z",
"dateUpdated": "2025-04-21T02:51:02.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43023 (GCVE-0-2025-43023)
Vulnerability from cvelistv5 – Published: 2025-07-28 17:46 – Updated: 2025-11-04 21:10- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| HP, Inc. | HP Linux Imaging and Printing Software |
Affected:
See HP security bulletin reference for affected versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:00:04.541562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T18:32:55.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:27.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/22/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HP Linux Imaging and Printing Software",
"vendor": "HP, Inc.",
"versions": [
{
"status": "affected",
"version": "See HP security bulletin reference for affected versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).\u003c/span\u003e"
}
],
"value": "A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:46:46.398Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HP Linux Imaging and Printing Software - Use of DSA Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2025-43023",
"datePublished": "2025-07-28T17:46:46.398Z",
"dateReserved": "2025-04-16T13:49:21.689Z",
"dateUpdated": "2025-11-04T21:10:27.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41767 (GCVE-0-2025-41767)
Vulnerability from cvelistv5 – Published: 2026-03-09 08:18 – Updated: 2026-03-09 18:19- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:18:54.140033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:19:09.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UBR-01 Mk II",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-02",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-LON",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adrien Rey from Cyber Defense Campus Zurich"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Hulliger from Armasuisse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.\u003cbr\u003e"
}
],
"value": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T08:18:17.428Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.mbs-solutions.de/mbs-2025-0001"
}
],
"source": {
"defect": [
"CERT@VDE#641895"
],
"discovery": "UNKNOWN"
},
"title": "Signature bypass on update upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41767",
"datePublished": "2026-03-09T08:18:17.428Z",
"dateReserved": "2025-04-16T11:18:45.761Z",
"dateUpdated": "2026-03-09T18:19:09.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41669 (GCVE-0-2025-41669)
Vulnerability from cvelistv5 – Published: 2026-05-27 07:18 – Updated: 2026-05-27 12:04- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| Phoenix Contact | AXC F 1152 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 1252 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 2000 EA |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 2152 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 3152 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | BPC 9102S |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | EPC 1522 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | RFC 4072R |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | RFC 4072S |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VL3 UPC 2440 EDGE |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 1000 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 2000 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 3000 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 500 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T11:53:22.514056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:04:07.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 1252",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2000 EA",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VL3 UPC 2440 EDGE",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 1000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 2000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 3000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 500",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_1152:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_1252:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_2000_ea:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_2152:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_3152:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:bpc_9102s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:epc_1522:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:rfc_4072r:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:rfc_4072s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vl3_upc_2440_edge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_1000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_2000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_3000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_500:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diego Giubertoni from Nozomi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control."
}
],
"value": "The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T07:18:28.236Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.certvde.com/en/advisories/VDE-2026-050/"
}
],
"source": {
"advisory": "VDE-2026-050",
"defect": [
"CERT@VDE#641839"
],
"discovery": "UNKNOWN"
},
"title": "Insufficient Verification of Data Authenticity",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41669",
"datePublished": "2026-05-27T07:18:28.236Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2026-05-27T12:04:07.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40934 (GCVE-0-2025-40934)
Vulnerability from cvelistv5 – Published: 2025-11-26 22:34 – Updated: 2025-11-28 18:54- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/perl-net-saml2/perl-XML-Sig/is… | issue-tracking |
| https://github.com/perl-net-saml2/perl-XML-Sig/pull/64 | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-40934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:50:44.544431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:54:00.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "XML-Sig",
"product": "XML::Sig",
"programFiles": [
"lib/XML/Sig.pm"
],
"programRoutines": [
{
"name": "verify()"
}
],
"repo": "https://github.com/perl-net-saml2/perl-XML-Sig",
"vendor": "TIMLEGGE",
"versions": [
{
"lessThan": "0.68",
"status": "affected",
"version": "0.27",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "gttds"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.\u003cbr\u003e\u003cbr\u003eAn attacker can remove the signature from the XML document to make it pass the verification check.\u003cbr\u003e\u003cbr\u003eXML-Sig is a Perl module to validate signatures on XML files.\u0026nbsp; An unsigned XML file should return an error message.\u0026nbsp; The affected versions return true when attempting to validate an XML file that contains no signatures.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.\n\nAn attacker can remove the signature from the XML document to make it pass the verification check.\n\nXML-Sig is a Perl module to validate signatures on XML files.\u00a0 An unsigned XML file should return an error message.\u00a0 The affected versions return true when attempting to validate an XML file that contains no signatures."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:34:33.569Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/perl-net-saml2/perl-XML-Sig/issues/63"
},
{
"tags": [
"patch"
],
"url": "https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 0.68"
}
],
"value": "Upgrade to version 0.68"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML-Sig prior to 0.68 for Perl improperly validates XML without signatures",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-40934",
"datePublished": "2025-11-26T22:34:33.569Z",
"dateReserved": "2025-04-16T09:05:34.363Z",
"dateUpdated": "2025-11-28T18:54:00.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.