CVE-2025-45764

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-45764
jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

3.2 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://gist.github.com/ZupeiNie/2250cf1758771d56272dc326ce066202
https://github.com/kjur/jsrsasign/issues/634
Configurations

No configuration.

History

26 Aug 2025, 19:15

Type Values Removed Values Added
CWE CWE-327
Summary
  • (es) Se descubrió que jsrsasign v11.1.0 contenía un cifrado débil. NOTA: Este problema ha sido cuestionado por un tercero que considera que los ID de CVE pueden asignarse a longitudes de clave en aplicaciones específicas que usan una librería, y no deberían asignarse a las longitudes de clave predeterminadas de una librería. Esta disputa está sujeta a revisión según las reglas 4.1.4 y 4.1.14 de la CNA, entre otras; el etiquetado de la disputa no pretende recomendar una solución para este registro de CVE.

07 Aug 2025, 05:15

Type Values Removed Values Added
References
  • {'url': 'https://github.com/kjur/jsrsasign', 'source': 'cve@mitre.org'}
  • () https://github.com/kjur/jsrsasign/issues/634 -
CVSS v2 : unknown
v3 : 7.0 		v2 : unknown
v3 : 3.2
Summary (en) jsrsasign v11.1.0 was discovered to contain weak encryption. (en) jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CWE CWE-326

06 Aug 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-06 20:15

Updated : 2025-08-26 19:15

NVD link : CVE-2025-45764

Mitre link : CVE-2025-45764

CVE.ORG link : CVE-2025-45764

JSON object : View

Products Affected

No product.

CWE
CWE-326

Inadequate Encryption Strength