Use of a Cryptographic Primitive with a Risky Implementation

CVE-2025-29808

Medium

5.5/10

Summary

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

References

Advisory Timeline

Published Apr 08, 2025

Use of a Cryptographic Primitive with a Risky Implementation

CVE-2025-29808

Summary

CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS