CVE-2025-46675

In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.

CVSS v3.0 4.2 MEDIUM

4.2^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2	Patch
https://github.com/nasa/CryptoLib/pull/358	Issue Tracking Patch
https://github.com/nasa/CryptoLib/pull/359	Issue Tracking Patch
https://securitybynature.fr/post/hacking-cryptolib/	Exploit Third Party Advisory
https://securitybynature.fr/post/hacking-cryptolib/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

12 May 2025, 19:34

Type	Values Removed	Values Added
CWE		CWE-913
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.2
CPE		cpe:2.3:a:nasa:cryptolib::::::::
First Time		Nasa Nasa cryptolib
References	~~() https://github.com/nasa/CryptoLib/pull/359 -~~	() https://github.com/nasa/CryptoLib/pull/359 - Issue Tracking, Patch
References	~~() https://securitybynature.fr/post/hacking-cryptolib/ -~~	() https://securitybynature.fr/post/hacking-cryptolib/ - Exploit, Third Party Advisory
References	~~() https://github.com/nasa/CryptoLib/pull/358 -~~	() https://github.com/nasa/CryptoLib/pull/358 - Issue Tracking, Patch
References	~~() https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 -~~	() https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2 - Patch

27 Apr 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-27 01:15

Updated : 2025-05-12 19:34

NVD link : CVE-2025-46675

Mitre link : CVE-2025-46675

JSON object : View

Products Affected

nasa

cryptolib

CWE

CWE-913

Improper Control of Dynamically-Managed Code Resources

4.2 /10