{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2516","assignerOrgId":"4a9b9929-2450-4021-b7b9-469a0255b215","state":"PUBLISHED","assignerShortName":"ESET","dateReserved":"2025-03-19T07:49:48.800Z","datePublished":"2025-03-27T14:29:22.907Z","dateUpdated":"2025-03-27T15:15:56.127Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://www.wps.com/","defaultStatus":"unknown","platforms":["Windows"],"product":"WPS Office","vendor":"Kingsoft","versions":[{"status":"unknown","version":"12.1.0.18276","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div>The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components.</div><div>As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.</div>"}],"value":"The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components.\n\nAs older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This vulnerability was also found by a threat actor who weaponized it.<br>"}],"value":"This vulnerability was also found by a threat actor who weaponized it."}],"impacts":[{"capecId":"CAPEC-20","descriptions":[{"lang":"en","value":"CAPEC-20 Encryption Brute Forcing"}]},{"capecId":"CAPEC-187","descriptions":[{"lang":"en","value":"CAPEC-187 Malicious Automated Software Update via Redirection"}]},{"capecId":"CAPEC-485","descriptions":[{"lang":"en","value":"CAPEC-485 Signature Spoofing by Key Recreation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.5,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-326","description":"CWE-326 Inadequate Encryption Strength","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4a9b9929-2450-4021-b7b9-469a0255b215","shortName":"ESET","dateUpdated":"2025-03-27T14:29:22.907Z"},"references":[{"url":"https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/"}],"source":{"discovery":"UNKNOWN"},"title":"Use of a weak cryptographic key in the signature verification process in WPS Office","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-27T15:15:47.648387Z","id":"CVE-2025-2516","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-27T15:15:56.127Z"}}]}}