CVE-2025-46833

Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.

CVSS

No CVSS.

References

Link	Resource
https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27
https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4

Configurations

No configuration.

History

12 May 2025, 17:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-08 20:15

Updated : 2025-05-12 17:32

NVD link : CVE-2025-46833

Mitre link : CVE-2025-46833

CVE.ORG link : CVE-2025-46833

JSON object : View

Products Affected

No product.

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2025-46833", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-08T20:15:31.087", "references": [{"url": "https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27", "source": "security-advisories@github.com"}, {"url": "https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits."}, {"lang": "es", "value": "Programs/P73_SimplePythonEncryption.py ilustra un ejemplo sencillo de cifrado en Python con el algoritmo RSA. En versiones anteriores a el commit 6ce60b1, un atacante podr\u00eda descifrar los datos mediante ataques de fuerza bruta, lo que afectar\u00eda a toda la aplicaci\u00f3n. Este problema se ha corregido en el commit 6ce60b1. Un workaround consiste en aumentar el tama\u00f1o de la clave: para RSA o DSA, este debe ser de al menos 2048 bits y para ECC, de al menos 256 bits."}], "lastModified": "2025-05-12T17:32:52.810", "sourceIdentifier": "security-advisories@github.com"}