CVE-2025-4894 — LOW (3.7) — White Hats Nepal

Vulnerability Description

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Calmkart	Django-Sso-Server	All versions

Related Weaknesses (CWE)

CWE-310 CWE-326

References

https://vuldb.com/?ctiid.309448Permissions RequiredVDB Entry
https://vuldb.com/?id.309448Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.578019ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2025-4894?

CVE-2025-4894 is a vulnerability with a CVSS score of 3.7 (LOW). A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file commo...

How severe is CVE-2025-4894?

CVE-2025-4894 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-4894?

Check the references section above for vendor advisories and patch information. Affected products include: Calmkart Django-Sso-Server.