How severe is CVE-2020-25688?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2020-25688?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2020-25688

LOW Year: 2020

CVSS v3 Score

3.5

Low

CVSS v2 Score

2.7

Low

Weakness Type

CWE-321

View all →

Vulnerability Description

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.

CVE-2024-50564

LOW

CVSS:3.3(Low)

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interproce...

CWE-3212024

CVE-2025-31362

LOW

CVSS:3.7(Low)

Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available. The vendor provides the workaround informa...

CWE-3212025

CVE-2024-52614

MEDIUM

CVSS:4.0(Medium)

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the...

CWE-3212024

CVE-2023-21404

MEDIUM

CVSS:4.1(Medium)

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compr...

CWE-3212023

CVE-2024-33504

MEDIUM

CVSS:4.1(Medium)

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all version...

CWE-3212024

CVE-2019-10963

MEDIUM

CVSS:4.3(Medium)

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must hav...

CWE-3212019

CVE-2020-25688

Vulnerability Description

Related Vulnerabilities

CVE-2024-50564

CVE-2025-31362

CVE-2024-52614

CVE-2023-21404

CVE-2024-33504

CVE-2019-10963