CVE-2025-4894

calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption

CVSS 6.3 MEDIUMEPSS 0.2%CWE-310 CWE-326

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.3EPSS 0.2%KEV nãoPoC —Patch —

Ciclo de vida

18 may 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

calmkart · Django-sso-server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vuldb.com/?ctiid.309448 https://vuldb.com/?id.309448 https://vuldb.com/?submit.578019