Use of Weak Hash

CVE-2025-49197

Medium

6.5/10

Summary

The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-328 - Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

References

Advisory Timeline

Published Jun 12, 2025

Use of Weak Hash

CVE-2025-49197

Summary

CWE-328 - Use of Weak Hash

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS