cbcvebase.
CVE-2025-27508
published 2025-03-05

CVE-2025-27508: Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or…

PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.19%
9.3th percentile
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0.

Affected

1 ranges
VendorProductVersion rangeFixed in
nationalsecurityagencyemissary< 8.24.08.24.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.