CVE-2025-4894 MEDIUM

CVE-2025-4894: calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption

Vendor Calmkart
Product Django-sso-server
Weakness CWE-326 · Weak encryption
Published May 18, 2025
Last update May 19, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Key dates

02Disclosure timeline

May 18, 2025 CVE published
May 19, 2025 Record updated