cve-2025-2516
Vulnerability from cvelistv5
Published
2025-03-27 14:29
Modified
2025-03-27 15:15
Severity ?
EPSS score ?
Summary
Use of a weak cryptographic key in the signature verification process in WPS Office
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kingsoft | WPS Office |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T15:15:47.648387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:15:56.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.wps.com/",
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "WPS Office",
"vendor": "Kingsoft",
"versions": [
{
"status": "unknown",
"version": "12.1.0.18276",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components.\u003c/div\u003e\u003cdiv\u003eAs older versions of WPS Office did not validate the update server\u0027s certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.\u003c/div\u003e"
}
],
"value": "The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components.\n\nAs older versions of WPS Office did not validate the update server\u0027s certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability was also found by a threat actor who weaponized it.\u003cbr\u003e"
}
],
"value": "This vulnerability was also found by a threat actor who weaponized it."
}
],
"impacts": [
{
"capecId": "CAPEC-20",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-20 Encryption Brute Forcing"
}
]
},
{
"capecId": "CAPEC-187",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-187 Malicious Automated Software Update via Redirection"
}
]
},
{
"capecId": "CAPEC-485",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-485 Signature Spoofing by Key Recreation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:29:22.907Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of a weak cryptographic key in the signature verification process in WPS Office",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2025-2516",
"datePublished": "2025-03-27T14:29:22.907Z",
"dateReserved": "2025-03-19T07:49:48.800Z",
"dateUpdated": "2025-03-27T15:15:56.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-2516\",\"sourceIdentifier\":\"security@eset.com\",\"published\":\"2025-03-27T15:16:01.280\",\"lastModified\":\"2025-03-27T16:45:12.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components.\\n\\nAs older versions of WPS Office did not validate the update server\u0027s certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber\",\"baseScore\":9.5,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"references\":[{\"url\":\"https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/\",\"source\":\"security@eset.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.