CVE-2025-27508

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-27508
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27508.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27508
Aliases
Published
2025-03-05T21:32:42.470Z
Modified
2025-12-05T08:53:50.868323Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Emissary Use of a Broken or Risky Cryptographic Algorithm
Details

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0.

Database specific 
{
    "cwe_ids": [
        "CWE-327"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27508.json"
}
References

Affected packages

Git / github.com/nationalsecurityagency/emissary

Affected ranges

Type
GIT
Repo
https://github.com/nationalsecurityagency/emissary
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
878c9d6cefd820fac04c7fc2991fc53f3b79b8bb

Affected versions

5.*
5.0.0
5.1.0
5.10.0
5.11.0
5.2.0
5.3.0
5.4.1
5.5.0
5.6.0
5.7.0
5.8.0
5.9.0
6.*
6.0.0
6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.6.0
7.*
7.0.0
7.1.0
7.10.0
7.11.0
7.12.0
7.13.0
7.14.0
7.15.0
7.16.0
7.17.0
7.18.0
7.19.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0
7.9.0
emissary-7.*
emissary-7.19.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27508.json"