CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-46833: Programs/P73_SimplePythonEncryption.py has weak cryptographic key

4.6 CVSS

Description

Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.

Classification

CVE ID: CVE-2025-46833

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.6

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem Types

CWE-326: Inadequate Encryption Strength

Affected Products

Vendor: ShashikantSingh09

Product: python-progrrames

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.46% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46833
https://github.com/ShashikantSingh09/python-progrrames/security/advisories/GHSA-5h26-2c6g-4ch4
https://github.com/ShashikantSingh09/python-progrrames/commit/6ce60b1b2116a579a2e89de96d738a98f6ad4f27

Timeline

2025-05-08 20:40:11 UTC
CVE

Programs/P73_SimplePythonEncryption.py has weak cryptographic key