← Back

CVE-2025-47222

nvd nist
Published: Nov 13, 2025Modified: Dec 17, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Exploitability: 3.9 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside.

Affected (1)

Keyfactor
1 product
Signserver
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Signserver
Before 7.3.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Product
Source: cve@mitre.org

Timeline

No history available yet.