CVE Vulnerabilities

CVE-2025-46674

Active Debug Code

Published: Apr 27, 2025 | Modified: May 29, 2025
CVSS 3.x
9.9
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

Weakness

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

Affected Software

Name Vendor Start Version End Version
Cryptolib Nasa * 1.3.2 (excluding)

Potential Mitigations

References