Vulnerability Description
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/NationalSecurityAgency/emissary/commit/da3a81a8977577597ff2a9
- https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-hw43
- https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-hw43
FAQ
What is CVE-2025-27508?
CVE-2025-27508 is a vulnerability with a CVSS score of 7.5 (HIGH). Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recomm...
How severe is CVE-2025-27508?
CVE-2025-27508 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27508?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.