CVE-2025-9513
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| editso_fuso | editso_fuso | 1.0.4-beta.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-310 | Cryptographic Issues |
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the editso fuso software up to version 1.0.4-beta.7, specifically in the function PenetrateRsaAndAesHandshake located in the file src/net/penetrate/handshake/mod.rs. The flaw involves manipulation of the argument priv_key, which results in inadequate encryption strength. This weakness can be exploited remotely, although the attack requires a high degree of complexity and is considered difficult to execute.
How can this vulnerability impact me? :
The vulnerability can impact you by weakening the encryption strength during the handshake process, potentially allowing a remote attacker to compromise the confidentiality of communications. However, exploitation is difficult and requires a high level of complexity, so the risk is somewhat mitigated by these factors.