CVE-2025-50122
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-11-03
Assigner: Schneider Electric SE
Description
Description
AΒ CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-331 | The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insufficient Entropy issue (CWE-331) where the randomness used in generating root passwords is weak. If an attacker can reverse engineer the password generation algorithm and has access to installation or upgrade artifacts, they could potentially discover the root password.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to discover the root password, leading to unauthorized root access. This can result in full system compromise, data breaches, and loss of control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70