CVE-2025-46673

Published: Apr 27, 2025

Modified: Apr 29, 2025

PUBLISHED

CVSS v3.1

4.9

MEDIUM

Description

NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).

Vendor	Product	Versions
NASA	CryptoLib	affected `0 - < 1.3.2`

Weaknesses (CWE)

CWE-913

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://securitybynature.fr/post/hacking-cryptolib/

https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2

https://github.com/nasa/CryptoLib/pull/286

https://github.com/nasa/CryptoLib/pull/306

https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-46673

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References