How severe is CVE-2025-25201?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2025-25201?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2025-25201 - MEDIUM Severity | CVSS 4

Vulnerability Description

Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the application. An attacker without access to the proper administration key would be able to generate new keys and overwrite certificates. Such an attacker would not be able to read-out or extract existing private data, nor would they be able to gain access to cryptographic operations that would normally require PIN-based authentication. The issue is fixed in piv-authenticator 0.3.9, and in Nitrokey's firmware 1.8.1.

Related Vulnerabilities

CVE-2017-1783

MEDIUM

CVSS:4.0(Medium)

IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

CWE-2872017

CVE-2017-7937

MEDIUM

CVSS:4.0(Medium)

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS se...

CWE-2872017

CVE-2022-27839

MEDIUM

CVSS:4.0(Medium)

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.

CWE-2872022

CVE-2018-7947

LOW

CVSS:3.9(Low)

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debu...

CWE-2872018

CVE-2023-20867

LOW

CVSS:3.9(Low)

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CWE-2872023

CVE-2023-32453

LOW

CVSS:3.9(Low)

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI ...

CWE-2872023