CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1127 vulnerabilities reference this CWE, most recent first.
GHSA-HM55-77PQ-87F5
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Windows Enroll Engine Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38069"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:39Z",
"severity": "HIGH"
},
"details": "Windows Enroll Engine Security Feature Bypass Vulnerability",
"id": "GHSA-hm55-77pq-87f5",
"modified": "2024-07-09T18:30:52Z",
"published": "2024-07-09T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38069"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMGR-779R-QFWW
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.
{
"affected": [],
"aliases": [
"CVE-2018-15374"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-05T14:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.",
"id": "GHSA-hmgr-779r-qfww",
"modified": "2022-05-13T01:34:22Z",
"published": "2022-05-13T01:34:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15374"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsig"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105415"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMX6-CPRG-H49V
Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-02 21:32CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.
{
"affected": [],
"aliases": [
"CVE-2026-13743"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T19:16:59Z",
"severity": "LOW"
},
"details": "CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.",
"id": "GHSA-hmx6-cprg-h49v",
"modified": "2026-07-02T21:32:11Z",
"published": "2026-07-02T21:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13743"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HPM7-4H9P-PHG8
Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.
{
"affected": [],
"aliases": [
"CVE-2025-2233"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T23:15:38Z",
"severity": "HIGH"
},
"details": "Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.",
"id": "GHSA-hpm7-4h9p-phg8",
"modified": "2025-03-12T00:31:50Z",
"published": "2025-03-12T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2233"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-127"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPW7-8QPC-34P3
Vulnerability from github – Published: 2025-03-07 16:21 – Updated: 2025-03-12 14:40Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Improper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/346
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
WinDbg WinDbg
| Package name | Affected version | Patched version |
|---|---|---|
| dotnet-sos | < 9.0.607501 | 9.0.607501 |
| dotnet-dump | < 9.0.557512 | 9.0.607501 |
| dotnet-debugger-extensions | 9.0.557512 | 9.0.607601 |
Advisory FAQ
How do I know if I am affected?
If you you are using the affected version listed in affected packages, you're exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of WinDbg.
- If your application references the vulnerable package, update the package reference to the patched version.
Other Information
Reporting Security Issues
If you have found a potential security issue, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
You can ask questions about this issue on GitHub in the .NET GitHub organization.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
External Links
Revisions
V1.0 (March 06, 2024): Advisory published.
Version 1.0
Last Updated 2025-03-06
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "dotnet-sos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.607501"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "dotnet-dump"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.607501"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "dotnet-debugger-extensions"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.607601"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24043"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-07T16:21:34Z",
"nvd_published_at": "2025-03-11T17:16:25Z",
"severity": "HIGH"
},
"details": "# Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability\n\n## \u003ca name=\"executive-summary\"\u003e\u003c/a\u003eExecutive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in [WinDbg](https://aka.ms/windbg/download). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nImproper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/346\n\n## \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### \u003ca name=\"\"\u003eWinDbg\u003c/a\u003e WinDbg\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[dotnet-sos](https://www.nuget.org/packages/dotnet-sos) | \u003c 9.0.607501 | 9.0.607501\n[dotnet-dump](https://www.nuget.org/packages/dotnet-dump) | \u003c 9.0.557512 | 9.0.607501\n[dotnet-debugger-extensions](https://www.nuget.org/packages/dotnet-debugger-extensions) | 9.0.557512 | 9.0.607601\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf you you are using the affected version listed in [affected packages](#affected-software), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n1. To fix the issue please install the latest version of [WinDbg](https://aka.ms/windbg/download).\n2. If your application references the vulnerable package, update the package reference to the patched version.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. \n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2025-24043]( https://www.cve.org/CVERecord?id=CVE-2025-24043)\n\n### Revisions\n\nV1.0 (March 06, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2025-03-06_",
"id": "GHSA-hpw7-8qpc-34p3",
"modified": "2025-03-12T14:40:53Z",
"published": "2025-03-07T16:21:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/diagnostics/security/advisories/GHSA-hpw7-8qpc-34p3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24043"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/diagnostics"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/diagnostics/releases/tag/v9.0.607501"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability"
}
GHSA-HPWG-XG7M-3P6M
Vulnerability from github – Published: 2026-01-21 16:13 – Updated: 2026-01-22 15:43Summary
A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements.
Credit
This vulnerability was discovered by: - XlabAI Team of Tencent Xuanwu Lab - Atuin Automated Vulnerability Discovery Engine
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sm-crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23965"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-21T16:13:44Z",
"nvd_published_at": "2026-01-22T03:15:46Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements.\n\n### Credit\n\nThis vulnerability was discovered by:\n- XlabAI Team of Tencent Xuanwu Lab\n- Atuin Automated Vulnerability Discovery Engine",
"id": "GHSA-hpwg-xg7m-3p6m",
"modified": "2026-01-22T15:43:29Z",
"published": "2026-01-21T16:13:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-hpwg-xg7m-3p6m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23965"
},
{
"type": "WEB",
"url": "https://github.com/JuneAndGreen/sm-crypto/commit/85295a859d0766222d12ce2be3e6fce7b438b510"
},
{
"type": "PACKAGE",
"url": "https://github.com/JuneAndGreen/sm-crypto"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "sm-crypto Affected by Signature Forgery in SM2-DSA"
}
GHSA-HQ3M-JWG9-RV8Q
Vulnerability from github – Published: 2022-05-17 00:15 – Updated: 2022-05-17 00:15A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.
{
"affected": [],
"aliases": [
"CVE-2017-12333"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-30T09:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.",
"id": "GHSA-hq3m-jwg9-rv8q",
"modified": "2022-05-17T00:15:06Z",
"published": "2022-05-17T00:15:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12333"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102161"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039933"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQ3R-R6CV-4Q73
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).
{
"affected": [],
"aliases": [
"CVE-2019-1615"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-11T21:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).",
"id": "GHSA-hq3r-r6cv-4q73",
"modified": "2022-05-13T01:31:31Z",
"published": "2022-05-13T01:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1615"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107397"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQ76-6GH2-5G4Q
Vulnerability from github – Published: 2025-10-27 16:20 – Updated: 2025-12-01 16:06Summary
A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could potentially compromise guest execution.
LUKS2 volume metadata is not authenticated and supports null key-encryption algorithms, allowing an attacker to create a volume such that the volume: - Opens (cryptsetup open) without error using any passphrase or token - Records all writes in plaintext (or ciphertext with an attacker-known key) - Contains arbitrary data chosen by the attacker
Details
The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passhrase. If the VM is successful in opening the partition with the disk encryption key, it treats the volume as confidential. However, due to the unsafe handling of null keyslot algorithms in the cryptsetup 2.8.1, it is possible that the opened volume is not encrypted at all.
Cryptsetup prior to version 2.8.1 does not report an error when processing LUKS2-formatted disks that use the cipher_null-ecb algorithm in the keyslot encryption field.
Impact
A LUKS2 disk encrypted with a master key, which is in turn encrypted with user passwords stored in some number of keyslots. By creating a malicious disk which sets the keyslot encryption algorithm to ”crypto_null-ecb”, an attacker can construct a disk such that keyslot decryption does not depend in any way on the enclave-held secret data. When a confidential guest opens such a device using cryptsetup open, the mapped disk is created without error, and any further writes to the disk are encrypted using an attacker-controlled key.
Patches
To protect against this and similar attacks, Constellation now performs detached reading of LUKS headers. The header is copied into the encrypted memory of the CVM and then verified. The verified header is then used to open the encrypted LUKS device in detached header mode. This was implemented in https://github.com/edgelesssys/constellation/pull/3927 and release as part of Constellation v2.24.0.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.23.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/edgelesssys/constellation/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58356"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-27T16:20:25Z",
"nvd_published_at": "2025-10-27T20:15:53Z",
"severity": "HIGH"
},
"details": "### Summary\nA malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the [OpenCryptDevice](https://github.com/edgelesssys/constellation/blob/6eff250f16f8ae48221d412550e4a64a4bf0d77b/csi/cryptmapper/cryptmapper.go#L89) feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could potentially compromise guest execution.\n\n\nLUKS2 volume metadata is not authenticated and supports null key-encryption algorithms, allowing an attacker to create a volume such that the volume:\n- Opens (cryptsetup open) without error using any passphrase or token\n- Records all writes in plaintext (or ciphertext with an attacker-known key)\n- Contains arbitrary data chosen by the attacker\n\n\n### Details\nThe Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the `libcryptsetup` function [crypt_activate_by_passhrase](https://github.com/martinjungblut/go-cryptsetup/blob/fd0874fd07a6e477f0a4d18f2e80234983afe74f/device.go#L261). If the VM is successful in opening the partition with the disk encryption key, it treats the volume as confidential. However, due to the unsafe handling of null keyslot algorithms in the cryptsetup 2.8.1, it is possible that the opened volume is not encrypted at all.\n\nCryptsetup prior to version 2.8.1 does not report an error when processing LUKS2-formatted disks that use the `cipher_null-ecb` algorithm in the keyslot `encryption` field.\n\n### Impact\n\nA LUKS2 disk encrypted with a master key, which is in turn encrypted with user passwords stored in some number of keyslots. By creating a malicious disk which sets the keyslot encryption algorithm to `\u201dcrypto_null-ecb\u201d`, an attacker can construct a disk such that keyslot decryption does not depend in any way on the enclave-held secret data. When a confidential guest opens such a device using `cryptsetup open`, the mapped disk is created without error, and any further writes to the disk are encrypted using an attacker-controlled key.\n\n### Patches\n\nTo protect against this and similar attacks, Constellation now performs detached reading of LUKS headers. The header is copied into the encrypted memory of the CVM and then verified. The verified header is then used to open the encrypted LUKS device in detached header mode. This was implemented in https://github.com/edgelesssys/constellation/pull/3927 and release as part of [Constellation v2.24.0](https://github.com/edgelesssys/constellation/releases/tag/v2.24.0).",
"id": "GHSA-hq76-6gh2-5g4q",
"modified": "2025-12-01T16:06:06Z",
"published": "2025-10-27T16:20:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/edgelesssys/constellation/security/advisories/GHSA-hq76-6gh2-5g4q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58356"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/constellation/pull/3927"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/constellation/commit/bb8d2c8a5c0a0a6510d2cc43055be21f4a3ab83c"
},
{
"type": "WEB",
"url": "https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms"
},
{
"type": "PACKAGE",
"url": "https://github.com/edgelesssys/constellation"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/constellation/releases/tag/v2.24.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Constellation has insecure LUKS2 persistent storage partitions which may be opened and used"
}
GHSA-HRC2-HCHG-RQ8R
Vulnerability from github – Published: 2026-03-17 15:36 – Updated: 2026-03-17 15:36A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
{
"affected": [],
"aliases": [
"CVE-2026-3564"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T15:16:19Z",
"severity": "CRITICAL"
},
"details": "A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.",
"id": "GHSA-hrc2-hchg-rq8r",
"modified": "2026-03-17T15:36:23Z",
"published": "2026-03-17T15:36:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3564"
},
{
"type": "WEB",
"url": "https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.