CVE-2025-2516

CRITICAL Year: 2025
Weakness Type
CWE-326
View all →

Vulnerability Description

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.

Related Vulnerabilities

CVE-2020-6966

CRITICAL
CVSS:10.0(Critical)

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the ...

CWE-3262020

CVE-2011-4121

CRITICAL
CVSS:9.8(Critical)

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use th...

CWE-3262011

CVE-2013-2166

CRITICAL
CVSS:9.8(Critical)

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CWE-3262013

CVE-2013-7287

CRITICAL
CVSS:9.8(Critical)

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CWE-3262013

CVE-2014-9975

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

CWE-3262014

CVE-2015-0575

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

CWE-3262015