CVE-2025-46672: NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
3.5
CVSS
Description
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
Classification
CVE ID: CVE-2025-46672
CVSS Base Severity: LOW
CVSS Base Score: 3.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Problem Types
CWE-252 Unchecked Return ValueAffected Products
Vendor: NASA
Product: CryptoLib
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 6.99% (scored less or equal to compared to others)
EPSS Date: 2025-05-28 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46672https://github.com/nasa/CryptoLib/pull/360
https://securitybynature.fr/post/hacking-cryptolib/
https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2