MEDIUM🇬🇧 English

CVE-2025-47220

CVSS 5.3v3.1pub. 2025-11-13upd. 2025-12-17

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the clientside, confirming the existences of the file.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Keyfactor Signserver

    APP
    Keyfactor
    < 7.3.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-26787MEDIUM4.7ten sam produkt

An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. Th...

CVE-2025-47221MEDIUM5.3ten sam produkt

An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODIS...

CVE-2025-47222MEDIUM6.5ten sam produkt

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class n...

CVE-2024-34458HIGH7.5ten sam vendor

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in inf...

CVE-2024-42006HIGH7.5ten sam vendor

Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.