CVE-2025-46673

NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1	Product
https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2	Product
https://github.com/nasa/CryptoLib/pull/286	Product
https://github.com/nasa/CryptoLib/pull/306	Product
https://securitybynature.fr/post/hacking-cryptolib/	Exploit Press/Media Coverage
https://securitybynature.fr/post/hacking-cryptolib/	Exploit Press/Media Coverage

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

History

29 May 2025, 14:02

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-27 01:15

Updated : 2025-05-29 14:02

NVD link : CVE-2025-46673

Mitre link : CVE-2025-46673

CVE.ORG link : CVE-2025-46673

JSON object : View

Products Affected

nasa

cryptolib

CWE

CWE-913

Improper Control of Dynamically-Managed Code Resources

{"id": "CVE-2025-46673", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2025-04-27T01:15:44.477", "references": [{"url": "https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/nasa/CryptoLib/pull/286", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/nasa/CryptoLib/pull/306", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://securitybynature.fr/post/hacking-cryptolib/", "tags": ["Exploit", "Press/Media Coverage"], "source": "cve@mitre.org"}, {"url": "https://securitybynature.fr/post/hacking-cryptolib/", "tags": ["Exploit", "Press/Media Coverage"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-913"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-913"}]}], "descriptions": [{"lang": "en", "value": "NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS)."}, {"lang": "es", "value": "La NASA CryptoLib anterior a la versi\u00f3n 1.3.2 no verifica si el SA est\u00e1 en estado operativo antes de su uso, lo que posiblemente provoque una evasi\u00f3n del protocolo de seguridad de enlace de datos espaciales (SDLS)."}], "lastModified": "2025-05-29T14:02:33.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "933AFFD0-8C9C-46AB-8C87-6055664F6A8E", "versionEndExcluding": "1.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}