CVE-2025-4894

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vuldb.com/?ctiid.309448	Permissions Required VDB Entry
https://vuldb.com/?id.309448	Third Party Advisory VDB Entry
https://vuldb.com/?submit.578019	Third Party Advisory VDB Entry Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:calmkart:django-sso-server:*:*:*:*:*:*:*:*

History

05 Jun 2025, 19:39

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?ctiid.309448 -~~	() https://vuldb.com/?ctiid.309448 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.309448 -~~	() https://vuldb.com/?id.309448 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.578019 -~~	() https://vuldb.com/?submit.578019 - Third Party Advisory, VDB Entry, Exploit
CPE		cpe:2.3:a:calmkart:django-sso-server::::::::
First Time		Calmkart Calmkart django-sso-server

19 May 2025, 13:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad clasificada como problemática en calmkart Django-sso-server hasta 057247929a94ffc358788a37ab99e391379a4d15. Esta vulnerabilidad afecta la función gen_rsa_keys del archivo common/crypto.py. La manipulación resulta en una seguridad de cifrado insuficiente. El ataque puede ejecutarse en remoto. La complejidad del ataque es bastante alta. La explotación parece difícil. Este producto utiliza una versión continua para garantizar una distribución continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas.

18 May 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-18 20:15

Updated : 2025-06-05 19:39

NVD link : CVE-2025-4894

Mitre link : CVE-2025-4894

CVE.ORG link : CVE-2025-4894

JSON object : View

Products Affected

calmkart

django-sso-server

CWE

CWE-310

Cryptographic Issues

CWE-326

Inadequate Encryption Strength

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-4894

3.7^/10

2.6^/10

Attach tags to `CVE-2025-4894`