CVE-2025-47220 — MEDIUM (5.3)

Q: How severe is CVE-2025-47220?

CVE-2025-47220 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-47220?

Check the references section above for vendor advisories and patch information. Affected products include: Keyfactor Signserver.

Vulnerability Description

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the clientside, confirming the existences of the file.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Keyfactor	Signserver	< 7.3.1

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2025-47220?

CVE-2025-47220 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to a...

How severe is CVE-2025-47220?

CVE-2025-47220 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-47220?

Check the references section above for vendor advisories and patch information. Affected products include: Keyfactor Signserver.