Cryptographic Weakness in OpenEdge Products by Progress Software
CVE-2025-8095

9.1 CRITICAL

Key Information:

CVE Published: 14 April 2026

What is CVE-2025-8095?

The OECH1 prefix encoding used by Progress Software's OpenEdge platform is cryptographically weak, which puts stored encodings and enterprise applications at significant risk. The encoding does not adequately protect sensitive data and is susceptible to exploitation. Organizations using OpenEdge should transition without delay to a more secure encoding method based on symmetric encryption to safeguard their applications and data integrity.

Affected Version(s)

OpenEdge Windows 12.2.0 <= 12.2.18

OpenEdge Windows 12.8.0 <= 12.8.9

CVSS V4

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thomas Riedmaier, Siemens Energy