Cryptographic Vulnerability in NASA CryptoLib Affecting Spacecraft Operations
CVE-2025-46675

4.2MEDIUM

Key Information:

Vendor: Nasa
Status: Cryptolib
Vendor: CVE Published:; 27 April 2025

What is CVE-2025-46675?

Inversions of NASA's CryptoLib before version 1.3.2 possess a significant cryptographic flaw, where the state of cryptographic keys can be utilized without prior validation. This oversight may result in unauthorized control over spacecraft systems, potentially leading to dangerous hijacking scenarios.

Affected Version(s)

CryptoLib 0 < 1.3.2

References

https://securitybynature.fr/post/hacking-cryptolib/

https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2

https://github.com/nasa/CryptoLib/pull/358

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2025

Nasa

What is CVE-2025-46675?

Affected Version(s)

References

CVSS V3.1

Timeline