CVE-2025-45766Use of a Broken or Risky Cryptographic Algorithm in Poco

CWE-327Use of a Broken or Risky Cryptographic Algorithm5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 96.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pocoproject Poco
Timeline
PublishedAug 6

Description

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages1 packages

NVDpocoproject/poco1.14.1

🔴Vulnerability Details

3
CVEList
CVE-2025-45766: poco v12025-08-06
OSV
CVE-2025-45766: poco v12025-08-06
GHSA
GHSA-3fpm-h3c3-72hq: poco v12025-08-06

📋Vendor Advisories

1
Debian
CVE-2025-45766: poco - poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue...2025
CVE-2025-45766 — Pocoproject Poco vulnerability | cvebase