I. Basic Information for CVE-2025-29774
Vulnerability Information


Vulnerability Title
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Improper Verification of Cryptographic Signature
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
NPM xml-crypto Data Forgery Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
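NPM xml-crypto is a digital signature and encryption library by NPM. NPM xml-crypto 6.0.0 and earlier versions contain a security vulnerability that stems from a bypass of authentication or authorization mechanisms and allows an attacker to modify a valid signed XML message.
Source: China National Vulnerability Database of Information Security (CNNVD)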
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
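Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| node-saml | xml-crypto | >= 4.0.0, < 6.0.1 | - |
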
II. Public PoCs for CVE-2025-29774

| # | PoC Description | Source Link |
|---|---|---|
| 1 | How CVE-2025-29774 Vulnerabilities and the SIGHASH_SINGLE Bug Threaten Multi-Signature Wallet Operational Methods with Fake RawTX | https://github.com/demining/Digital-Signature-Forgery-Attack |
| 2 | Phantom Signature Attack: An Analysis of the Critical Vulnerability CVE-2025-29774 in the Bitcoin Protocol, SIGHASH_SINGLE Implementation Flaws, and the Mathematical Framework for Private Key Recovery in Lost Cryptocurrency Wallets Enabling Unrestricted Control over BTC Assets | https://github.com/demining/Phantom-Signature-Attack |
| 3 | 🔍 Analyze critical vulnerabilities in Bitcoin's signature implementation, focusing on CVE-2025-29774 and enabling secure cryptocurrency recovery. | https://github.com/Mrrishuyt/mrrishuyt.github.io |