CVE-2025-2516
Severity CVSS v4.0:
CRITICAL
Type:
CWE-326
Inadequate Encryption Strength
Publication date:
27/03/2025
Last modified:
27/03/2025
Description
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components.

As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible, allowing updates to be hijacked.
Impact
Base Score 4.0
9.50
Severity 4.0
CRITICAL