24 matches found
PT-2025-52670
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.2 Description A flaw exists in the startup logic of the Keyfactor SignServer container. The Admin CLI command, designed to configure certificate access during the initial container startup, incorrectly...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.2, which stems from an error in the container startup logic and could result in a reset configuration to allowany...
CVE-2025-26787
CVE-2025-26787 affects Keyfactor SignServer prior to 7.2. The issue arises from a logic error in the SignServer container startup routine: the Admin CLI command intended to configure certificate access at the initial startup is executed on every container restart, resetting the access policy to "...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
EUVD-2025-175377
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3...
EUVD-2025-175378
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
PT-2025-46910
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.3.1 Description Keyfactor SignServer has an issue with Incorrect Access Control. This allows for an authentication bypass. Recommendations Update to version 7.3.1 or later...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47222
Keyfactor SignServer is affected in versions prior to 7.3.2 by a class name enumeration vulnerability that allows information about loaded classes to be exposed to the client side when setting a chosen class name in properties requiring a class path. The issue arises from an unexpected difference...
CVE-2025-47221
CVE-2025-47221 : Keyfactor SignServer versions before 7.3.2 contain an arbitrary file write flaw. The ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODISK_PATH_BASE, and ARCHIVETODISK_PATH_PATTERN properties can be set to any path, enabling a user with admin access to write files in arbitrary server dir...
PT-2025-46909
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.3.1 Description Keyfactor SignServer has an issue with Incorrect Access Control. This allows for an authentication bypass. Recommendations Update Keyfactor SignServer to version 7.3.1 or later...