SB2025030560 - Use of a broken or risky cryptographic algorithm in emissary

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025030560

SB2025030560 - Use of a broken or risky cryptographic algorithm in emissary

Published: March 5, 2025 Updated: April 7, 2026

Security Bulletin ID SB2025030560
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2025-27508)

The vulnerability allows a remote attacker to bypass naive integrity checks.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ChecksumCalculator class when generating hashes or checksums for security-sensitive purposes. A remote attacker can craft inputs with colliding or manipulable values to bypass naive integrity checks.

The issue is associated with the default use of SHA-1 and the availability of CRC32 and SSDEEP, which may be misused in contexts requiring strong cryptographic guarantees.


Remediation

Install update from vendor's website.

References