CVE-2025-9513

LOW

Editso Fuso <1.0.4-beta.7 - Code Injection

Title source: llm

Description

A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?id.321506

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.321506

[Permissions Required, VDB Entry] https://vuldb.com/?submit.635449

[Various Sources] https://chatgpt.com/share/68ae1bfa-8cd4-8005-8add-969bc42047b4

Scores

CVSS v3 3.7

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-310 CWE-326

Status published

Products (8)

editso/fuso 1.0.4-beta.0

editso/fuso 1.0.4-beta.1

editso/fuso 1.0.4-beta.2

editso/fuso 1.0.4-beta.3

editso/fuso 1.0.4-beta.4

editso/fuso 1.0.4-beta.5

editso/fuso 1.0.4-beta.6

editso/fuso 1.0.4-beta.7

Published Aug 27, 2025

Tracked Since Feb 18, 2026