Vulnerability in Emissary Workflow Engine Allows Use of Weak Cryptographic Algorithms
CVE-2025-27508

7.5HIGH

Key Information:

Vendor

Nationalsecurityagency

Status
Emissary
Vendor
CVE Published:
5 March 2025

What is CVE-2025-27508?

The Emissary workflow engine has a vulnerability in its ChecksumCalculator class, which uses cryptographic algorithms that are no longer considered secure, such as SHA-1, CRC32, and SSDEEP. These outdated algorithms may be suitable for non-security-critical applications but pose significant security risks when handling sensitive data requiring robust cryptographic protections. Users are encouraged to upgrade to version 8.24.0 or later to mitigate potential threats.

Affected Version(s)

emissary < 8.24.0

References

https://github.com/NationalSecurityAgency/emissary/securi...
x_refsource_CONFIRM
https://github.com/NationalSecurityAgency/emissary/commit...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.