Use of a Cryptographic Primitive with a Risky Implementation

CVE-2025-58720

High

7.8/10

Summary

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

References

Advisory Timeline

Published Oct 14, 2025

Use of a Cryptographic Primitive with a Risky Implementation

CVE-2025-58720

Summary

CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS