CVE-2025-2516

Severity CVSS v4.0: CRITICAL
Type: CWE-326 Inadequate Encryption Strength
Publication date: 27/03/2025
Last modified: 27/03/2025

Description

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who has successfully recovered the private key to sign components.

As older versions of WPS Office did not validate the update server's certificate, an adversary-in-the-middle attack was possible, allowing updates to be hijacked.