CVSS 3.1 Score 7.5 of 10 (high)


Published Jul 14, 2023
Updated: Nov 7, 2023
CWE ID 295


CVE-2023-38325 is a vulnerability in the cryptography package for Python before version 41.0.2, affecting products with the IDs sG6Yvj, sG6Yvm, sG6Yvn, sG6Yvk, and sG6Yvl. The package mishandles SSH certificates that have critical options. NIST rates the base severity as HIGH, with a score of 7.5. The attack vector is network, the integrity impact is high, and exploitation requires no user interaction and no privileges. To remediate, update the cryptography package to version 41.0.2 or higher.
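To check a dependency list against the fixed version stated above, the following added example (not code from the cryptography project or from this page's publisher) scans requirements-style lines for `cryptography` pins below 41.0.2. The sample file content and the function names are constructed for illustration, and only exact `==` pins are evaluated; ranges are reported as unpinned.

```python
import re

FIXED = (41, 0, 2)  # first fixed release of "cryptography" named in the text above

# Constructed requirements file (not taken from any real project).
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.31.0
Cryptography==41.0.1
cryptography[ssh]==41.0.2 ; python_version >= "3.7"
cryptography>=40.0
"""

# name, optional [extras], then the version specifier up to a marker or comment
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")


def release_tuple(version):
    """Numeric release segment padded to three parts: '41.0' -> (41, 0, 0)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0])[:3])


def is_affected(version):
    """True if version sorts before 41.0.2 (pre-releases of 41.0.2 count as before)."""
    public = version.split("+")[0].lower()  # drop any local version label
    pre = re.search(r"\d[.\-_]?(?:a|b|rc|dev)\d*$", public) is not None
    rel = release_tuple(public)
    return rel < FIXED or (rel == FIXED and pre)


def scan_requirements(text):
    """Return (line number, status) for every line that names cryptography."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = _REQ.match(raw)
        # PEP 503 name normalisation so "Cryptography" is matched too
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "cryptography":
            continue
        pin = re.fullmatch(r"===?\s*([^\s,*]+)", m.group(2).strip())
        if pin is None:
            status = "unpinned"  # range, wildcard or bare name: check the resolved version
        else:
            status = "affected" if is_affected(pin.group(1)) else "ok"
        findings.append((lineno, status))
    return findings


if __name__ == "__main__":
    for lineno, status in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: cryptography pin is {status}")
```

Lines reported as unpinned need the resolved version from a lock file or the installed environment before they can be cleared.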

