Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-47276
Awaiting Analysis
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-13 May, 2025 | 16:15
Updated At-13 May, 2025 | 19:35

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer users building a full Debian Operating System are affected. Users should upgrade to version 1.2.0 of Actualizer. Existing OS deployment requires manual password changes against the alpha and root accounts. The change will deploy's Debian's yescript overriding the older SHA512 hash created by OpenSSL. As a workaround, users need to reset both `root` and "Alpha" users' passwords.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-328Primarysecurity-advisories@github.com
CWE ID: CWE-328
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.htmlsecurity-advisories@github.com
N/A
https://github.com/ChewKeanHo/Actualizer/commit/32c9cc232c856f078f8269fba80ce7562bbff86bsecurity-advisories@github.com
N/A
https://github.com/ChewKeanHo/Actualizer/issues/1security-advisories@github.com
N/A
https://github.com/ChewKeanHo/Actualizer/releases/tag/v1.2.0security-advisories@github.com
N/A
https://github.com/ChewKeanHo/Actualizer/security/advisories/GHSA-v626-chv9-v9qrsecurity-advisories@github.com
N/A
https://github.com/openssl/openssl/issues/19340security-advisories@github.com
N/A
https://www.reddit.com/r/debian/comments/1kknzqi/actualizer_v110_upgradedsecurity-advisories@github.com
N/A
Hyperlink: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/ChewKeanHo/Actualizer/commit/32c9cc232c856f078f8269fba80ce7562bbff86b
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/ChewKeanHo/Actualizer/issues/1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/ChewKeanHo/Actualizer/releases/tag/v1.2.0
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/ChewKeanHo/Actualizer/security/advisories/GHSA-v626-chv9-v9qr
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/issues/19340
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://www.reddit.com/r/debian/comments/1kknzqi/actualizer_v110_upgraded
Source: security-advisories@github.com
Resource: N/A
Change History
0Changes found
Details not found