QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47276

Published: May 13, 2025

Modified: May 13, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer users building a full Debian Operating System are affected. Users should upgrade to version 1.2.0 of Actualizer. Existing OS deployment requires manual password changes against the alpha and root accounts. The change will deploy's Debian's yescript overriding the older SHA512 hash created by OpenSSL. As a workaround, users need to reset both `root` and "Alpha" users' passwords.

Vendor	Product	Versions
ChewKeanHo	Actualizer	affected `< 1.2.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

https://github.com/ChewKeanHo/Actualizer/security/advisories/GHSA-v626-chv9-v9qr

x_refsource_CONFIRM

https://github.com/ChewKeanHo/Actualizer/issues/1

x_refsource_MISC

https://github.com/openssl/openssl/issues/19340

x_refsource_MISC

https://github.com/ChewKeanHo/Actualizer/commit/32c9cc232c856f078f8269fba80ce7562bbff86b

x_refsource_MISC

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

x_refsource_MISC

https://github.com/ChewKeanHo/Actualizer/releases/tag/v1.2.0

x_refsource_MISC

https://www.reddit.com/r/debian/comments/1kknzqi/actualizer_v110_upgraded

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.