CVE-2025-47222

MEDIUM

Keyfactor SignServer < 7.3.2 - Class Name Enumeration via Property Class Path

Title source: llm

Description

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside.

References (3)

Core 3

Core References

Various Sources

https://support.keyfactor.com/hc/en-us/articles/37639174814235-SignServer-CVE-2025-47222-Class-name-enumeration

Release Notes

https://docs.keyfactor.com/signserver/latest/signserver-7-3-release-notes

Product

https://support.keyfactor.com

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

keyfactor/signserver < 7.3.1

Published Nov 13, 2025

Tracked Since Feb 18, 2026