CVE-2025-46674

Published: Apr 27, 2025Modified: May 29, 2025

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: NVD

Description

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

Affected (1)

Products: Nasa: Cryptolib

Nasa

1 product

Cryptolib

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nasa Cryptolib	Before 1.3.2

Related CWEs

CWE-489

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References (4)

https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2

Source: cve@mitre.org

Product

https://github.com/nasa/CryptoLib/pull/365

Source: cve@mitre.org

Patch

https://securitybynature.fr/post/hacking-cryptolib/

Source: cve@mitre.org

ExploitPress/Media Coverage

https://securitybynature.fr/post/hacking-cryptolib/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitPress/Media Coverage

Timeline

No history available yet.