CVE-2025-2516

Use of a weak cryptographic key in the signature verification process in WPS Office

CVSS 9.5 CRITICALEPSS 0.1%CWE-326

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber

Affected products

Kingsoft · WPS Office

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/