- Description
- Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-327
- Hype score
- Not currently trending
🚨 CVE-2025-27508 🔴 HIGH (7.5) 🏢 NationalSecurityAgency - emissary 🏗️ < 8.24.0 🔗 https://t.co/vquQpblYU5 🔗 https://t.co/zMikXqapcs #CyberCron #VulnAlert #InfoSec https://t.co/pjq9khOBCg
@cybercronai
6 Mar 2025
93 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
CVE-2025-27508 03/05/2025 10:15:35 PM BaseSeverity: HIGH Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum ... https://t.co/tSCS3i2nlD
@CVETracker
6 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes