Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by calmkart
CVE-2025-4894 (GCVE-0-2025-4894)
Vulnerability from cvelistv5 – Published: 2025-05-18 20:00 – Updated: 2025-05-19 14:09
VLAI
Title
calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption
Summary
A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.309448 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.309448 | signaturepermissions-required |
| https://vuldb.com/?submit.578019 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| calmkart | Django-sso-server |
Affected:
057247929a94ffc358788a37ab99e391379a4d15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:09:08.459044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:09:15.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Django-sso-server",
"vendor": "calmkart",
"versions": [
{
"status": "affected",
"version": "057247929a94ffc358788a37ab99e391379a4d15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dev03303 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
},
{
"lang": "de",
"value": "In calmkart Django-sso-server bis 057247929a94ffc358788a37ab99e391379a4d15 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion gen_rsa_keys der Datei common/crypto.py. Durch das Manipulieren mit unbekannten Daten kann eine inadequate encryption strength-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-18T20:00:09.114Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309448 | calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309448"
},
{
"name": "VDB-309448 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309448"
},
{
"name": "Submit #578019 | https://github.com/calmkart Django-sso-server master CWE-326: Inadequate Encryption Strength",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.578019"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-17T12:00:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4894",
"datePublished": "2025-05-18T20:00:09.114Z",
"dateReserved": "2025-05-17T09:55:32.398Z",
"dateUpdated": "2025-05-19T14:09:15.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}