NASA CryptoLib up to 1.3.1 Key State dynamically-managed code resources
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in NASA CryptoLib up to 1.3.1. Affected is an unknown function of the component Key State Handler. The manipulation results in dynamically-managed code resources. This vulnerability is known as CVE-2025-46675. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability classified as problematic has been found in NASA CryptoLib up to 1.3.1. Affected is an unknown code block of the component Key State Handler. The manipulation with an unknown input leads to a dynamically-managed code resources vulnerability. CWE is classifying the issue as CWE-913. The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. This is going to have an impact on integrity. CVE summarizes:
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.
The advisory is shared for download at securitybynature.fr. This vulnerability is traded as CVE-2025-46675 since 04/27/2025. The exploitability is told to be difficult. It is possible to launch the attack remotely. There are neither technical details nor an exploit publicly available.
Upgrading to version 1.3.2 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-12472). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Version
Website
- Product: https://github.com/nasa/CryptoLib/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.1
VulDB Temp Score: 3.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 3.5
CNA Vector (MITRE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Dynamically-managed code resourcesCWE: CWE-913
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: CryptoLib 1.3.2
Patch: github.com
Timeline
04/27/2025 🔍04/27/2025 🔍
04/27/2025 🔍
05/25/2025 🔍
Sources
Product: github.comAdvisory: securitybynature.fr
Status: Confirmed
CVE: CVE-2025-46675 (🔍)
GCVE (CVE): GCVE-0-2025-46675
GCVE (VulDB): GCVE-100-306360
EUVD: 🔍
Entry
Created: 04/27/2025 10:06Updated: 05/25/2025 21:15
Changes: 04/27/2025 10:06 (65), 05/25/2025 21:15 (1)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.