CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
CVE-2025-36418 (GCVE-0-2025-36418)
Vulnerability from cvelistv5 – Published: 2026-01-20 15:50 – Updated: 2026-01-20 16:09
VLAI
Title
Multiple vulnerabilities found in IBM ApplinX.
Summary
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges.
Severity
7.3 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7257446 | vendor-advisorypatch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T16:09:28.415356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T16:09:43.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:applinx:11.1:*:*:*:*:*:*:*"
],
"product": "ApplinX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges.\u003c/p\u003e"
}
],
"value": "IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:51:08.237Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7257446"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading IBM ApplinX. Product Version Remediation/Fix IBM ApplinX 11.1 Download and apply the update from Fix Central here .\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading IBM ApplinX. Product Version Remediation/Fix IBM ApplinX 11.1 Download and apply the update from Fix Central here ."
}
],
"title": "Multiple vulnerabilities found in IBM ApplinX.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36418",
"datePublished": "2026-01-20T15:50:40.562Z",
"dateReserved": "2025-04-15T21:17:01.668Z",
"dateUpdated": "2026-01-20T16:09:43.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40758 (GCVE-0-2025-40758)
Vulnerability from cvelistv5 – Published: 2025-08-14 15:06 – Updated: 2025-08-14 15:18
VLAI
Summary
A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.
Severity
8.7 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Mendix SAML (Mendix 10.12 compatible) |
Affected:
0 , < V4.0.3
(custom)
|
|
| Siemens | Mendix SAML (Mendix 10.21 compatible) |
Affected:
0 , < V4.1.2
(custom)
|
|
| Siemens | Mendix SAML (Mendix 9.24 compatible) |
Affected:
0 , < V3.6.21
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T15:18:38.766906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T15:18:47.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 10.12 compatible)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 10.21 compatible)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix SAML (Mendix 9.24 compatible)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.6.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions \u003c V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions \u003c V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions \u003c V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T15:06:31.691Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-395458.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40758",
"datePublished": "2025-08-14T15:06:31.691Z",
"dateReserved": "2025-04-16T08:39:30.031Z",
"dateUpdated": "2025-08-14T15:18:47.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40934 (GCVE-0-2025-40934)
Vulnerability from cvelistv5 – Published: 2025-11-26 22:34 – Updated: 2025-11-28 18:54
VLAI
Title
XML-Sig prior to 0.68 for Perl improperly validates XML without signatures
Summary
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.
An attacker can remove the signature from the XML document to make it pass the verification check.
XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.
Severity
9.3 (Critical)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/perl-net-saml2/perl-XML-Sig/is… | issue-tracking |
| https://github.com/perl-net-saml2/perl-XML-Sig/pull/64 | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-40934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:50:44.544431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:54:00.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "XML-Sig",
"product": "XML::Sig",
"programFiles": [
"lib/XML/Sig.pm"
],
"programRoutines": [
{
"name": "verify()"
}
],
"repo": "https://github.com/perl-net-saml2/perl-XML-Sig",
"vendor": "TIMLEGGE",
"versions": [
{
"lessThan": "0.68",
"status": "affected",
"version": "0.27",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "gttds"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.\u003cbr\u003e\u003cbr\u003eAn attacker can remove the signature from the XML document to make it pass the verification check.\u003cbr\u003e\u003cbr\u003eXML-Sig is a Perl module to validate signatures on XML files.\u0026nbsp; An unsigned XML file should return an error message.\u0026nbsp; The affected versions return true when attempting to validate an XML file that contains no signatures.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.\n\nAn attacker can remove the signature from the XML document to make it pass the verification check.\n\nXML-Sig is a Perl module to validate signatures on XML files.\u00a0 An unsigned XML file should return an error message.\u00a0 The affected versions return true when attempting to validate an XML file that contains no signatures."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:34:33.569Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/perl-net-saml2/perl-XML-Sig/issues/63"
},
{
"tags": [
"patch"
],
"url": "https://github.com/perl-net-saml2/perl-XML-Sig/pull/64"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 0.68"
}
],
"value": "Upgrade to version 0.68"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML-Sig prior to 0.68 for Perl improperly validates XML without signatures",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-40934",
"datePublished": "2025-11-26T22:34:33.569Z",
"dateReserved": "2025-04-16T09:05:34.363Z",
"dateUpdated": "2025-11-28T18:54:00.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41669 (GCVE-0-2025-41669)
Vulnerability from cvelistv5 – Published: 2026-05-27 07:18 – Updated: 2026-05-27 07:18
VLAI
Title
Insufficient Verification of Data Authenticity
Summary
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control.
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Phoenix Contact | AXC F 1152 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 1252 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 2000 EA |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 2152 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | AXC F 3152 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | BPC 9102S |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | EPC 1522 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | RFC 4072R |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | RFC 4072S |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VL3 UPC 2440 EDGE |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 1000 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 2000 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 3000 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
|
| Phoenix Contact | VPLCNEXT CONTROL 500 |
Affected:
0.0.0 , < 2026.0.3
(semver)
|
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 1252",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2000 EA",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VL3 UPC 2440 EDGE",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 1000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 2000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 3000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VPLCNEXT CONTROL 500",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2026.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_1152:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_1252:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_2000_ea:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_2152:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:axc_f_3152:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:bpc_9102s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:epc_1522:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:rfc_4072r:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:rfc_4072s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vl3_upc_2440_edge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_1000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_2000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_3000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenix_contact:vplcnext_control_500:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.0.3",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diego Giubertoni from Nozomi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control."
}
],
"value": "The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T07:18:28.236Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.certvde.com/en/advisories/VDE-2026-050/"
}
],
"source": {
"advisory": "VDE-2026-050",
"defect": [
"CERT@VDE#641839"
],
"discovery": "UNKNOWN"
},
"title": "Insufficient Verification of Data Authenticity",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41669",
"datePublished": "2026-05-27T07:18:28.236Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2026-05-27T07:18:28.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41767 (GCVE-0-2025-41767)
Vulnerability from cvelistv5 – Published: 2026-03-09 08:18 – Updated: 2026-03-09 18:19
VLAI
Title
Signature bypass on update upload
Summary
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
Severity
7.2 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:18:54.140033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:19:09.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UBR-01 Mk II",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-02",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-LON",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adrien Rey from Cyber Defense Campus Zurich"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Hulliger from Armasuisse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.\u003cbr\u003e"
}
],
"value": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T08:18:17.428Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.mbs-solutions.de/mbs-2025-0001"
}
],
"source": {
"defect": [
"CERT@VDE#641895"
],
"discovery": "UNKNOWN"
},
"title": "Signature bypass on update upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41767",
"datePublished": "2026-03-09T08:18:17.428Z",
"dateReserved": "2025-04-16T11:18:45.761Z",
"dateUpdated": "2026-03-09T18:19:09.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43023 (GCVE-0-2025-43023)
Vulnerability from cvelistv5 – Published: 2025-07-28 17:46 – Updated: 2025-11-04 21:10
VLAI
Title
HP Linux Imaging and Printing Software - Use of DSA Key
Summary
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HP, Inc. | HP Linux Imaging and Printing Software |
Affected:
See HP security bulletin reference for affected versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:00:04.541562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T18:32:55.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:27.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/22/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HP Linux Imaging and Printing Software",
"vendor": "HP, Inc.",
"versions": [
{
"status": "affected",
"version": "See HP security bulletin reference for affected versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).\u003c/span\u003e"
}
],
"value": "A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:46:46.398Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HP Linux Imaging and Printing Software - Use of DSA Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2025-43023",
"datePublished": "2025-07-28T17:46:46.398Z",
"dateReserved": "2025-04-16T13:49:21.689Z",
"dateUpdated": "2025-11-04T21:10:27.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4371 (GCVE-0-2025-4371)
Vulnerability from cvelistv5 – Published: 2025-08-18 20:04 – Updated: 2025-08-19 13:01
VLAI
Summary
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | 510 FHD Webcam |
Affected:
0 , < 4.8.0
(custom)
|
|
| Lenovo | Performance FHD Webcam |
Affected:
0 , < 4.8.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T13:00:54.117524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:01:02.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "510 FHD Webcam",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Performance FHD Webcam",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:510_fhd_webcam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:performance_fhd_webcam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Mickey Shkatov and Jesse Michael of Eclypsium for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device \u003c/span\u003eover a USB connection."
}
],
"value": "A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:04:19.300Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-194466"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate your web camera by downloading and running versio\u003c/span\u003en 4.8.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;of the firmware update tool:\u003c/span\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/accessories/acc500235-lenovo-510-fhd-webcam-overview-and-service-parts\"\u003ehttps://support.lenovo.com/us/en/accessories/acc500235-lenovo-510-fhd-webcam-overview-and-service-parts\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update your web camera by downloading and running version 4.8.0\u00c2\u00a0of the firmware update tool:\n https://support.lenovo.com/us/en/accessories/acc500235-lenovo-510-fhd-webcam-overview-and-service-parts"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-4371",
"datePublished": "2025-08-18T20:04:19.300Z",
"dateReserved": "2025-05-05T19:55:25.838Z",
"dateUpdated": "2025-08-19T13:01:02.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43903 (GCVE-0-2025-43903)
Vulnerability from cvelistv5 – Published: 2025-04-18 00:00 – Updated: 2025-04-21 02:51
VLAI
Summary
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
Severity
4.3 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | Poppler |
Affected:
0 , < 25.04.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T02:50:50.020749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T02:51:02.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poppler",
"vendor": "freedesktop",
"versions": [
{
"lessThan": "25.04.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.04.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T21:08:57.632Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-43903",
"datePublished": "2025-04-18T00:00:00.000Z",
"dateReserved": "2025-04-18T00:00:00.000Z",
"dateUpdated": "2025-04-21T02:51:02.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46774 (GCVE-0-2025-46774)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-26 17:47
VLAI
Summary
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
Severity
CWE
- CWE-347 - Escalation of privilege
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientMac |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:56:20.193267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:32.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:17:59.755Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-46774",
"datePublished": "2025-10-14T15:23:47.725Z",
"dateReserved": "2025-04-29T08:42:13.449Z",
"dateUpdated": "2026-02-26T17:47:32.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47934 (GCVE-0-2025-47934)
Vulnerability from cvelistv5 – Published: 2025-05-19 18:57 – Updated: 2025-05-20 13:02
VLAI
Title
OpenPGP.js's message signature verification can be spoofed
Summary
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`.
Severity
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/openpgpjs/openpgpjs/security/a… | x_refsource_CONFIRM |
| https://github.com/openpgpjs/openpgpjs/commit/43f… | x_refsource_MISC |
| https://github.com/openpgpjs/openpgpjs/commit/bd5… | x_refsource_MISC |
| https://github.com/openpgpjs/openpgpjs/releases/t… | x_refsource_MISC |
| https://github.com/openpgpjs/openpgpjs/releases/t… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:02:53.093390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:02:58.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openpgpjs",
"vendor": "openpgpjs",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.1, \u003c 5.11.3"
},
{
"status": "affected",
"version": "\u003e= 6.0.0-alpha.0, \u003c 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker\u0027s choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker\u0027s choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T18:57:05.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"
}
],
"source": {
"advisory": "GHSA-8qff-qr5q-5pr8",
"discovery": "UNKNOWN"
},
"title": "OpenPGP.js\u0027s message signature verification can be spoofed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47934",
"datePublished": "2025-05-19T18:57:05.602Z",
"dateReserved": "2025-05-14T10:32:43.529Z",
"dateUpdated": "2025-05-20T13:02:58.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.