Common Weakness Enumeration

CWE-321

Allowed

Use of Hard-coded Cryptographic Key

Abstraction: Variant · Status: Draft

The product uses a hard-coded, unchangeable cryptographic key.

503 vulnerabilities reference this CWE, most recent first.

CVE-2025-44963 (GCVE-0-2025-44963)

Vulnerability from cvelistv5 – Published: 2025-08-04 00:00 – Updated: 2025-11-03 20:04
VLAI
Summary
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
RUCKUS Network Director Affected: 0 , < 4.5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-44963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-05T17:42:54.574636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-05T17:43:00.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:04:21.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/613753"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Network Director",
          "vendor": "RUCKUS",
          "versions": [
            {
              "lessThan": "4.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T16:18:42.903Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://kb.cert.org/vuls/id/613753"
        },
        {
          "url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
        },
        {
          "url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44963"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-44963",
    "datePublished": "2025-08-04T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-11-03T20:04:21.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-43483 (GCVE-0-2025-43483)

Vulnerability from cvelistv5 – Published: 2025-07-22 23:14 – Updated: 2025-07-23 20:11
VLAI
Title
Poly Clariti Manager - Multiple Security Vulnerabilities
Summary
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
hp
Impacted products
Vendor Product Version
HP Inc. Poly Clariti Manager Affected: See HP Security Bulletin reference for affected versions.
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T20:10:49.864916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T20:11:12.870Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Poly Clariti Manager",
          "vendor": "HP Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See HP Security Bulletin reference for affected versions."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cp\u003eA potential security vulnerability has been\nidentified in the Poly Clariti Manager for versions prior to 10.12.1. The\nvulnerability could allow the retrieval of hardcoded cryptographic keys. HP has\naddressed the issue in the latest software update.\u003c/p\u003e\u003c/span\u003e"
            }
          ],
          "value": "A potential security vulnerability has been\nidentified in the Poly Clariti Manager for versions prior to 10.12.1. The\nvulnerability could allow the retrieval of hardcoded cryptographic keys. HP has\naddressed the issue in the latest software update."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321: Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T23:14:26.801Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "url": "https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Poly Clariti Manager - Multiple Security Vulnerabilities",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2025-43483",
    "datePublished": "2025-07-22T23:14:26.801Z",
    "dateReserved": "2025-04-16T15:25:24.712Z",
    "dateUpdated": "2025-07-23T20:11:12.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41702 (GCVE-0-2025-41702)

Vulnerability from cvelistv5 – Published: 2025-08-26 06:10 – Updated: 2025-08-26 19:39
VLAI
Title
egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
Summary
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
Vendor Product Version
Welotec EG400Mk2-D11001-000101 Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG400Mk2-D11101-000101 Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG503W Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG503L Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG503W_4GB Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG503L_4GB Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG503L-G Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-A11101-000101 Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-A11001-000101 Affected: 0.0.0 , < v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-B11101-000101 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-B11001-000101 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-C11101-000101 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-C11001-000101 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-A12011-000101 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-A11001-000201 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG500Mk2-A21101-000101 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG602W Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG602L Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG603W Mk2 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG603L Mk2 Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG802W Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG804W Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG802W_i7_512GB_DinRail Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG802W_i7_512GB_w/o DinRail Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Welotec EG804W Pro Affected: 0.0.0 , < <v1.7.7 (semver)
Affected: v1.8.0 , < v1.8.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T19:37:50.695357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T19:39:00.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EG400Mk2-D11001-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG400Mk2-D11101-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG503W",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG503L",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG503W_4GB",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG503L_4GB",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG503L-G",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-A11101-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-A11001-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "v1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-B11101-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-B11001-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-C11101-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-C11001-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-A12011-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-A11001-000201",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG500Mk2-A21101-000101",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG602W",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG602L",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG603W Mk2",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG603L Mk2",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG802W",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG804W",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG802W_i7_512GB_DinRail",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG802W_i7_512GB_w/o DinRail",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EG804W Pro",
          "vendor": "Welotec",
          "versions": [
            {
              "lessThan": "\u003cv1.7.7",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "v1.8.2",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.\u003cbr\u003e"
            }
          ],
          "value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T06:10:57.464Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-076"
        }
      ],
      "source": {
        "advisory": "VDE-2025-076",
        "defect": [
          "CERT@VDE#641843"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41702",
    "datePublished": "2025-08-26T06:10:57.464Z",
    "dateReserved": "2025-04-16T11:17:48.310Z",
    "dateUpdated": "2025-08-26T19:39:00.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-40946 (GCVE-0-2025-40946)

Vulnerability from cvelistv5 – Published: 2026-05-12 08:20 – Updated: 2026-05-29 13:03
VLAI
Summary
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M10 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0 TL3-60.0 TL3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet gridsave 110 TL3-S (All versions < V3.91), blueplanet gridsave 137 TL3-S (All versions < V3.91), blueplanet gridsave 92.0 TL3-S (All versions < V3.91), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). A CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Siemens blueplanet 100 NX3 M8 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 100 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 105 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 105 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 110 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 125 NX3 M10 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 125 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 125 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 137 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 150 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 150 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 155 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 155 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 165 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 165 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 25.0 NX3-33.0 NX3 Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 3.0 NX3-20.0 NX3 Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 3.0 TL3-60.0 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 3.0-5.0 NX1 Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 360 NX3 M6 Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 50.0 NX3-60.0 NX3 Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 87.0 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 87.0 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet 92.0 TL3 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet 92.0 TL3 GEN2 Affected: 0 , < V6.1.4.9 (custom)
Create a notification for this product.
Siemens blueplanet gridsave 110 TL3-S Affected: 0 , < V3.91 (custom)
Create a notification for this product.
Siemens blueplanet gridsave 137 TL3-S Affected: 0 , < V3.91 (custom)
Create a notification for this product.
Siemens blueplanet gridsave 92.0 TL3-S Affected: 0 , < V3.91 (custom)
Create a notification for this product.
Siemens blueplanet hybrid 10.0 TL3 Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens blueplanet hybrid 6.0 NH3-12.0 NH3 Unaffected: 0 , < * (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T12:43:03.238502Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:43:12.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 100 NX3 M8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 100 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 105 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 105 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 110 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 125 NX3 M10",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 125 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 125 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 137 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 150 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 150 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 155 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 155 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 165 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 165 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 25.0 NX3-33.0 NX3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 3.0 NX3-20.0 NX3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 3.0 TL3-60.0 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 3.0-5.0 NX1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 360 NX3 M6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 50.0 NX3-60.0 NX3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 87.0 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 87.0 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 92.0 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet 92.0 TL3 GEN2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.1.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet gridsave 110 TL3-S",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.91",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet gridsave 137 TL3-S",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.91",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet gridsave 92.0 TL3-S",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.91",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet hybrid 10.0 TL3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "blueplanet hybrid 6.0 NH3-12.0 NH3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M10 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0 TL3-60.0 TL3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet gridsave 110 TL3-S (All versions \u003c V3.91), blueplanet gridsave 137 TL3-S (All versions \u003c V3.91), blueplanet gridsave 92.0 TL3-S (All versions \u003c V3.91), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). A CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321: Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T13:03:45.841Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-545643.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40946",
    "datePublished": "2026-05-12T08:20:50.525Z",
    "dateReserved": "2025-04-16T09:06:15.879Z",
    "dateUpdated": "2026-05-29T13:03:45.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-38741 (GCVE-0-2025-38741)

Vulnerability from cvelistv5 – Published: 2025-08-04 18:22 – Updated: 2025-08-05 15:47
VLAI
Summary
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
Vendor Product Version
Dell Enterprise SONiC OS Affected: 4.5.0 , < 4.5.0a (semver)
Create a notification for this product.
Date Public
2025-08-01 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-38741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-05T15:47:31.600205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-05T15:47:36.772Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Enterprise SONiC OS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "4.5.0a",
              "status": "affected",
              "version": "4.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-01T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.\u003c/span\u003e"
            }
          ],
          "value": "Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321: Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T18:22:00.580Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000340083/dsa-2025-275-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-38741",
    "datePublished": "2025-08-04T18:22:00.580Z",
    "dateReserved": "2025-04-16T05:03:52.415Z",
    "dateUpdated": "2025-08-05T15:47:36.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-36326 (GCVE-0-2025-36326)

Vulnerability from cvelistv5 – Published: 2025-09-26 14:20 – Updated: 2025-09-26 14:54
VLAI
Title
IBM Controller information disclosure
Summary
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7246015 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Cognos Controller Affected: 11.0.0 , ≤ 11.0.1 (semver)
    cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*
Create a notification for this product.
IBM Controller Affected: 11.1.0 , ≤ 11.1.1 (semver)
    cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:controller:11.1.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-26T14:54:16.381196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-26T14:54:41.385Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Cognos Controller",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.0.1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:controller:11.1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Controller",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.1.1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies."
            }
          ],
          "value": "IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T14:20:46.219Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7246015"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Controller information disclosure",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eDownload the script from here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FCognos+8+Controller\u0026amp;fixids=CNTRL-WS-11.X-PATCH\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=Cognos\"\u003eFix Central\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIt is strongly recommended that you apply the most recent security updates:\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u0026nbsp; \u0026nbsp; \u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eInterim Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Controller\u003c/td\u003e\u003ctd\u003e11.1.0 - 11.1.1\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FCognos+8+Controller\u0026amp;fixids=CNTRL-WS-11.X-PATCH\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=Cognos\"\u003eFix Central\u003c/a\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Controller\u003c/td\u003e\u003ctd\u003e11.0.0 - 11.0.1 \u003c/td\u003e\u003ctd\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FCognos+8+Controller\u0026amp;fixids=CNTRL-WS-11.X-PATCH\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=Cognos\"\u003eFix Central\u003c/a\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003ePrerequisites\u003c/p\u003e\u003col\u003e\u003cli\u003eEnsure you are logged in to the server with System Administrator privileges.\u003c/li\u003e\u003cli\u003eCreate a backup of the server.js file located in the product installation path (e.g., C:\\ccr_64\\frontend) before proceeding.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eProcedure\u003c/p\u003e\u003col\u003e\u003cli\u003eNavigate to the directory containing server.js in the product installation path (e.g., C:\\ccr_64\\frontend).\u003c/li\u003e\u003cli\u003eCopy the script file ControllerWebUIService_11_X_Patch.ps1 into this directory.\u003c/li\u003e\u003cli\u003eRight-click on the ControllerWebUIService_11_X_Patch.ps1 script and select Run with PowerShell to execute it.\u003c/li\u003e\u003cli\u003eAfter execution, verify that a new System Environment Variable named session_passphrase has been created and assigned a random value.\u003c/li\u003e\u003cli\u003eConfirm that all SSL configuration steps have already been completed if you have enabled SSL.\u003c/li\u003e\u003cli\u003eRestart the IBM Controller Web UI service.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eNotes\u003c/p\u003e\u003cul\u003e\u003cli\u003eThis script is intended for one-time use only. Do not re-run the script.\u003c/li\u003e\u003cli\u003eIf any errors occur during execution of the ControllerWebUIService_11_X_Patch.ps1 script, you may run the rollback script ControllerWebUIService_11_X_Patch_Rollback.ps1 or  \u0026nbsp; replace server.js with the backed-up file.\u003c/li\u003e\u003cli\u003eDo not delete the session_passphrase environment variable.\u003c/li\u003e\u003cli\u003eAfter each Fix Pack (FP) upgrade, re-execute the patch script only if the session_passphrase is missing from the server.js file.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Download the script from here:  Fix Central https://www.ibm.com/support/fixcentral/swg/selectFixes \n\n\u00a0\n\nIt is strongly recommended that you apply the most recent security updates:\n\n\n\n\n\n\u00a0 \u00a0 \n\nAffected Product(s)Version(s)Interim FixIBM Controller11.1.0 - 11.1.1 Fix Central https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Cognos Controller11.0.0 - 11.0.1  Fix Central https://www.ibm.com/support/fixcentral/swg/selectFixes \n\nPrerequisites\n\n  *  Ensure you are logged in to the server with System Administrator privileges.\n  *  Create a backup of the server.js file located in the product installation path (e.g., C:\\ccr_64\\frontend) before proceeding.\nProcedure\n\n  *  Navigate to the directory containing server.js in the product installation path (e.g., C:\\ccr_64\\frontend).\n  *  Copy the script file ControllerWebUIService_11_X_Patch.ps1 into this directory.\n  *  Right-click on the ControllerWebUIService_11_X_Patch.ps1 script and select Run with PowerShell to execute it.\n  *  After execution, verify that a new System Environment Variable named session_passphrase has been created and assigned a random value.\n  *  Confirm that all SSL configuration steps have already been completed if you have enabled SSL.\n  *  Restart the IBM Controller Web UI service.\nNotes\n\n  *  This script is intended for one-time use only. Do not re-run the script.\n  *  If any errors occur during execution of the ControllerWebUIService_11_X_Patch.ps1 script, you may run the rollback script ControllerWebUIService_11_X_Patch_Rollback.ps1 or  \u00a0 replace server.js with the backed-up file.\n  *  Do not delete the session_passphrase environment variable.\n  *  After each Fix Pack (FP) upgrade, re-execute the patch script only if the session_passphrase is missing from the server.js file."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36326",
    "datePublished": "2025-09-26T14:20:46.219Z",
    "dateReserved": "2025-04-15T21:16:51.462Z",
    "dateUpdated": "2025-09-26T14:54:41.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-35052 (GCVE-0-2025-35052)

Vulnerability from cvelistv5 – Published: 2025-10-09 20:20 – Updated: 2025-10-15 16:15
VLAI
Title
Newforma Info Exchange (NIX) shared hard-coded secret key
Summary
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Newforma Project Center Affected: *
Affected: 2024.3
Create a notification for this product.
Date Public
2025-10-09 00:00
Credits
Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-35052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T19:36:47.988546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T16:15:19.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Project Center",
          "vendor": "Newforma",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            },
            {
              "status": "affected",
              "version": "2024.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)"
        }
      ],
      "datePublic": "2025-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the \u0027qs\u0027 parameter used in \u0027/DownloadWeb/download.aspx\u0027. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-35052",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "partial"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-08-15T18:12:25.614258Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T20:20:00.632Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35052"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json"
        }
      ],
      "title": "Newforma Info Exchange (NIX) shared hard-coded secret key"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-35052",
    "datePublished": "2025-10-09T20:20:00.632Z",
    "dateReserved": "2025-04-15T20:56:24.405Z",
    "dateUpdated": "2025-10-15T16:15:19.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-34500 (GCVE-0-2025-34500)

Vulnerability from cvelistv5 – Published: 2025-10-24 23:02 – Updated: 2025-10-27 15:21
VLAI
Title
Shuffle Master Deck Mate 2 Insecure Update Chain
Summary
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device's integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. Deck Mate 2 Affected: 0 , < all known versions prior to 2025-10-23 (custom)
Create a notification for this product.
Credits
Joseph Tartaro of IOActive Enrique Nissim of IOActive Ethan Shackelford of IOActive
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34500",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-27T15:20:40.299784Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-27T15:21:02.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "Update/decryption utility and package verification"
          ],
          "product": "Deck Mate 2",
          "vendor": "Light \u0026 Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc.",
          "versions": [
            {
              "lessThan": "all known versions prior to 2025-10-23",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joseph Tartaro of IOActive"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Enrique Nissim of IOActive"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Shackelford of IOActive"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Deck Mate 2\u0027s firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit\u0027s USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device\u0027s integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units.\u003cbr\u003e"
            }
          ],
          "value": "Deck Mate 2\u0027s firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit\u0027s USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device\u0027s integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-24T23:02:29.851Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://www.wired.com/story/card-shuffler-hack/"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://www.wired.com/story/how-hacked-card-shufflers-allegedly-enabled-a-mob-fueled-poker-scam-that-rocked-the-nba/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-insecure-update-chain"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLight \u0026amp; Wonder reports that it has deployed firmware updates addressing the update-chain weaknesses IOActive described (including fixes to the cryptographic integrity checks) and has disabled the USB update port on affected Deck Mate 2 units.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Light \u0026 Wonder reports that it has deployed firmware updates addressing the update-chain weaknesses IOActive described (including fixes to the cryptographic integrity checks) and has disabled the USB update port on affected Deck Mate 2 units."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Shuffle Master Deck Mate 2 Insecure Update Chain",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34500",
    "datePublished": "2025-10-24T23:02:29.851Z",
    "dateReserved": "2025-04-15T19:15:22.611Z",
    "dateUpdated": "2025-10-27T15:21:02.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-34256 (GCVE-0-2025-34256)

Vulnerability from cvelistv5 – Published: 2025-12-05 17:18 – Updated: 2026-04-15 19:36
VLAI
Title
Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass
Summary
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Advantech Co., Ltd. WISE-DeviceOn Server Affected: 0 , < 5.4.0 (semver)
Create a notification for this product.
Credits
Alex Williams from Pellera Technologies
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34256",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T19:36:16.430752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T19:36:20.788Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WISE-DeviceOn Server",
          "vendor": "Advantech Co., Ltd.",
          "versions": [
            {
              "lessThan": "5.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alex Williams from Pellera Technologies"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Advantech WISE-DeviceOn Server versions prior to 5.4\u0026nbsp;contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn\u2019s remote management features."
            }
          ],
          "value": "Advantech WISE-DeviceOn Server versions prior to 5.4\u00a0contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn\u2019s remote management features."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T18:17:12.008Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn-20251208-2.pdf"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://pellera.com/blog/advantech-wise-deviceon-cve-2025-34256-vulnerability/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://docs.deviceon.advantech.com/docs/resource/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/advantech-wise-deviceon-server-hardcoded-jwt-key-authentication-bypass"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Advantech WISE-DeviceOn Server \u003c 5.4 Hard-coded JWT Key Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34256",
    "datePublished": "2025-12-05T17:18:31.747Z",
    "dateReserved": "2025-04-15T19:15:22.578Z",
    "dateUpdated": "2026-04-15T19:36:20.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34234 (GCVE-0-2025-34234)

Vulnerability from cvelistv5 – Published: 2025-09-29 20:34 – Updated: 2026-05-15 11:15
VLAI
Title
Vasion Print (formerly PrinterLogic) Hardcoded Encryption Private Keys
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi). The keys are stored in clear text under /var/www/app/config/ as keyfile.ppk.dev and keyfile.saasid.ppk.dev. The application uses these keys as the symmetric secret for AES‑256‑CBC encryption/decryption of the “SaaS Id” (external identifier) through the getEncryptedExternalId() / getDecryptedExternalId() methods. Because the secret is embedded in the deployed image, any attacker who can obtain a copy of the Docker image, read the configuration files, or otherwise enumerate the filesystem can recover the encryption key. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard‑coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Vasion Print Virtual Appliance Host Affected: 0 , < 25.1.102 (semver)
Create a notification for this product.
Vasion Print Application Affected: 0 , < 25.1.1413 (semver)
Create a notification for this product.
Credits
Pierre Barre
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34234",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T13:34:06.710551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T13:43:18.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-hardcoded-key"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "printerlogic/pi",
            "printerlogic/printer-admin-api",
            "printercloud/pi",
            "/var/www/app/config/",
            "keyfile.ppk.dev",
            "keyfile.saasid.ppk.dev"
          ],
          "product": "Print Virtual Appliance Host",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "25.1.102",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "printerlogic/pi",
            "printerlogic/printer-admin-api",
            "printercloud/pi",
            "/var/www/app/config/",
            "keyfile.ppk.dev",
            "keyfile.saasid.ppk.dev"
          ],
          "product": "Print Application",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "25.1.1413",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "25.1.102",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "25.1.1413",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Barre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi). The keys are stored in clear text under /var/www/app/config/ as keyfile.ppk.dev and keyfile.saasid.ppk.dev. The application uses these keys as the symmetric secret for AES\u2011256\u2011CBC encryption/decryption of the \u201cSaaS Id\u201d (external identifier) through the getEncryptedExternalId() / getDecryptedExternalId() methods. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBecause the secret is embedded in the deployed image, any attacker who can obtain a copy of the Docker image, read the configuration files, or otherwise enumerate the filesystem can recover the encryption key.\u0026nbsp;\u003c/span\u003eThis vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.\u003cbr\u003e"
            }
          ],
          "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi). The keys are stored in clear text under /var/www/app/config/ as keyfile.ppk.dev and keyfile.saasid.ppk.dev. The application uses these keys as the symmetric secret for AES\u2011256\u2011CBC encryption/decryption of the \u201cSaaS Id\u201d (external identifier) through the getEncryptedExternalId() / getDecryptedExternalId() methods. Because the secret is embedded in the deployed image, any attacker who can obtain a copy of the Docker image, read the configuration files, or otherwise enumerate the filesystem can recover the encryption key.\u00a0This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard\u2011coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T11:15:37.301Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-hardcoded-key"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-hardcoded-encryption-private-keys"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Vasion Print (formerly PrinterLogic) Hardcoded Encryption Private Keys",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34234",
    "datePublished": "2025-09-29T20:34:45.051Z",
    "dateReserved": "2025-04-15T19:15:22.575Z",
    "dateUpdated": "2026-05-15T11:15:37.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Prevention schemes mirror that of hard-coded password storage.

No CAPEC attack patterns related to this CWE.