CVE-2025-46674

Summary

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.

Affected Software

VendorProductVersion RangeStatus
NASACryptoLib0 < 1.3.2affected

Weaknesses

  • CWE-489: CWE-489 Active Debug Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References