How severe is CVE-2025-47276?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-47276?

This is classified as CWE-328, which is a common weakness in software security.

CVE-2025-47276 - HIGH Severity | CVSS 7.5

Vulnerability Description

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer users building a full Debian Operating System are affected. Users should upgrade to version 1.2.0 of Actualizer. Existing OS deployment requires manual password changes against the alpha and root accounts. The change will deploy's Debian's yescript overriding the older SHA512 hash created by OpenSSL. As a workaround, users need to reset both `root` and "Alpha" users' passwords.

Related Vulnerabilities

CVE-2023-2900

HIGH

CVSS:7.5(High)

A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to ...

CWE-3282023

CVE-2024-47182

HIGH

CVSS:7.5(High)

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches t...

CWE-3282024

CVE-2019-13539

HIGH

CVSS:7.8(High)

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1....

CWE-3282019

CVE-2024-23589

MEDIUM

CVSS:6.8(Medium)

Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs

CWE-3282024

CVE-2025-31130

MEDIUM

CVSS:6.8(Medium)

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide...

CWE-3282025

CVE-2022-3433

MEDIUM

CVSS:6.5(Medium)

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending speciall...

CWE-3282022