Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2516

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.

Published

2025-03-27T15:16:01.280

Last Modified

2025-03-27T16:45:12.210

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-326

Affected Vendors & Products

References

https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/ ([email protected])