CVE-2025-27498
CVE-2025-27498 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-347.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.6)
- EPSS exploit prediction: 0% (2nd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-5557
- Weakness: CWE-347
- Published:
- Last modified:
Description
aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The vulnerability is fixed in 0.4.3.
Frequently asked questions
- What is CVE-2025-27498?
- aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The vulnerability is fixed in 0.4.3.
- How severe is CVE-2025-27498?
- CVE-2025-27498 has a CVSS 4.0 base score of 5.6, rated medium severity.
- Is CVE-2025-27498 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (2nd percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-27498?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-27498 have an EU (EUVD) identifier?
- Yes. CVE-2025-27498 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-5557.
- When was CVE-2025-27498 published?
- CVE-2025-27498 was published on 2025-03-03 and last updated on 2026-06-17.
References
- https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037
- https://github.com/RustCrypto/AEADs/security/advisories/GHSA-r38m-44fw-h886
Other CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities
- CVE-2026-48558 — Critical (CVSS 10.0): SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the…
- CVE-2023-25574 — Critical (CVSS 10.0): `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI).…
- CVE-2024-45409 — Critical (CVSS 10.0): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <=…
- CVE-2024-32962 — Critical (CVSS 10.0): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default…
- CVE-2022-24884 — Critical (CVSS 10.0): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()`…
- CVE-2021-33885 — Critical (CVSS 10.0): An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a…
Browse all CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities →