CVE-2025-46833 (GCVE-0-2025-46833)

Vulnerability from cvelistv5 – Published: 2025-05-08 19:27 – Updated: 2025-05-08 19:49
VLAI?
Title
Programs/P73_SimplePythonEncryption.py has weak cryptographic key
Summary
Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
Severity ?
4.6 (Medium)
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
CWE
  • CWE-326 - Inadequate Encryption Strength
Assigner
References
Impacted products
Vendor Product Version
ShashikantSingh09 python-progrrames Affected: < 6ce60b1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46833",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T19:47:53.139736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T19:49:41.318Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python-progrrames",
          "vendor": "ShashikantSingh09",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6ce60b1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T19:27:33.330Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4"
        },
        {
          "name": "https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27"
        }
      ],
      "source": {
        "advisory": "GHSA-5h26-2c6g-4ch4",
        "discovery": "UNKNOWN"
      },
      "title": "Programs/P73_SimplePythonEncryption.py has weak cryptographic key"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46833",
    "datePublished": "2025-05-08T19:27:33.330Z",
    "dateReserved": "2025-04-30T19:41:58.135Z",
    "dateUpdated": "2025-05-08T19:49:41.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-46833\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-08T20:15:31.087\",\"lastModified\":\"2025-05-12T17:32:52.810\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.\"},{\"lang\":\"es\",\"value\":\"Programs/P73_SimplePythonEncryption.py ilustra un ejemplo sencillo de cifrado en Python con el algoritmo RSA. En versiones anteriores a el commit 6ce60b1, un atacante podr\u00eda descifrar los datos mediante ataques de fuerza bruta, lo que afectar\u00eda a toda la aplicaci\u00f3n. Este problema se ha corregido en el commit 6ce60b1. Un workaround consiste en aumentar el tama\u00f1o de la clave: para RSA o DSA, este debe ser de al menos 2048 bits y para ECC, de al menos 256 bits.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"references\":[{\"url\":\"https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Programs/P73_SimplePythonEncryption.py has weak cryptographic key\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-326\", \"lang\": \"en\", \"description\": \"CWE-326: Inadequate Encryption Strength\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U\", \"version\": \"4.0\"}}], \"references\": [{\"name\": \"https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4\"}, {\"name\": \"https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27\"}], \"affected\": [{\"vendor\": \"ShashikantSingh09\", \"product\": \"python-progrrames\", \"versions\": [{\"version\": \"\u003c 6ce60b1\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-08T19:27:33.330Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.\"}], \"source\": {\"advisory\": \"GHSA-5h26-2c6g-4ch4\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46833\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T19:47:53.139736Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T19:47:58.485Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-46833\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-04-30T19:41:58.135Z\", \"datePublished\": \"2025-05-08T19:27:33.330Z\", \"dateUpdated\": \"2025-05-08T19:49:41.318Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.