Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-9513

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Aug, 2025 | 05:32
Updated At-28 Aug, 2025 | 18:15
Rejected At-
Credits

editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption

A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Aug, 2025 | 05:32
Updated At:28 Aug, 2025 | 18:15
Rejected At:
▼CVE Numbering Authority (CNA)
editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption

A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.

Affected Products
Vendor
editso
Product
fuso
Versions
Affected
  • 1.0.4-beta.0
  • 1.0.4-beta.1
  • 1.0.4-beta.2
  • 1.0.4-beta.3
  • 1.0.4-beta.4
  • 1.0.4-beta.5
  • 1.0.4-beta.6
  • 1.0.4-beta.7
Problem Types
TypeCWE IDDescription
CWECWE-326Inadequate Encryption Strength
CWECWE-310Cryptographic Issues
Type: CWE
CWE ID: CWE-326
Description: Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-310
Description: Cryptographic Issues
Metrics
VersionBase scoreBase severityVector
4.06.3MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
3.03.7LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
2.02.6N/A
AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Version: 3.0
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Version: 2.0
Base score: 2.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
dev03301 (VulDB User)
Timeline
EventDate
Advisory disclosed2025-08-26 00:00:00
VulDB entry created2025-08-26 02:00:00
VulDB entry last update2025-08-26 22:49:03
Event: Advisory disclosed
Date: 2025-08-26 00:00:00
Event: VulDB entry created
Date: 2025-08-26 02:00:00
Event: VulDB entry last update
Date: 2025-08-26 22:49:03
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.321506
vdb-entry
technical-description
https://vuldb.com/?ctiid.321506
signature
permissions-required
https://vuldb.com/?submit.635449
third-party-advisory
https://chatgpt.com/share/68ae1bfa-8cd4-8005-8add-969bc42047b4
related
Hyperlink: https://vuldb.com/?id.321506
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.321506
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.635449
Resource:
third-party-advisory
Hyperlink: https://chatgpt.com/share/68ae1bfa-8cd4-8005-8add-969bc42047b4
Resource:
related
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Aug, 2025 | 06:15
Updated At:27 Aug, 2025 | 06:15

A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.3MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary2.02.6LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-310Primarycna@vuldb.com
CWE-326Primarycna@vuldb.com
CWE ID: CWE-310
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-326
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chatgpt.com/share/68ae1bfa-8cd4-8005-8add-969bc42047b4cna@vuldb.com
N/A
https://vuldb.com/?ctiid.321506cna@vuldb.com
N/A
https://vuldb.com/?id.321506cna@vuldb.com
N/A
https://vuldb.com/?submit.635449cna@vuldb.com
N/A
Hyperlink: https://chatgpt.com/share/68ae1bfa-8cd4-8005-8add-969bc42047b4
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.321506
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.321506
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.635449
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2024-30119
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 21:34
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-DRYiCE Optibot Reset Stationdryice_optibot_reset_station
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-9239
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.61%
||
7 Day CHG-0.00%
Published-20 Aug, 2025 | 18:02
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.

Action-Not Available
Vendor-elunez
Product-eladmin
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-7789
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.65%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 15:14
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Xuxueli
Product-xxl-job
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2025-4894
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 20:00
Updated-05 Jun, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Action-Not Available
Vendor-calmkart
Product-django-sso-serverDjango-sso-server
CWE ID-CWE-326
Inadequate Encryption Strength
Details not found