anonhaven
Ad

CVE-2025-27508

HIGH CVSS 3.1: 7.5 EPSS 0.13%
Updated Mar 07, 2025
Emissary
Parameter Value
CVSS 7.5 (HIGH)
Fixed In 8.24.0
Type CWE-327 (Weak Crypto Algorithm)
Vendor Emissary
Public PoC No

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required.

This issue is fixed in 8.24.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-327 Weak Crypto Algorithm

References 2

https://github.com/NationalSecurityAgency/emissary/commit/da3a81a8977577597ff2a…
security-advisories@github.com
https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-hw4…
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35583

Nationalsecurityagency

5.3

CVE-2026-35581

Nsa

7.2

CVE-2026-35571

Emissary

4.8