CVE-2025-43023 - Vulnerability Details - OpenCVE

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp Linux Imaging And Printing Linux Imaging And Printing Project Photo And Imaging Software
Linux	Linux

No data.

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033

History

Tue, 29 Jul 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp hp Hp linux Imaging And Printing Hp linux Imaging And Printing Project Hp photo And Imaging Software Linux Linux linux
Vendors & Products		Hp Hp hp Hp linux Imaging And Printing Hp linux Imaging And Printing Project Hp photo And Imaging Software Linux Linux linux

Mon, 28 Jul 2025 18:00:00 +0000

Type	Values Removed	Values Added
Description		A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
Title		HP Linux Imaging and Printing Software - Use of DSA Key
Weaknesses		CWE-347
References		https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033
Metrics		cvssV4_0 `{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2025-07-28T17:46:46.398Z

Updated: 2025-07-28T17:46:46.398Z

Reserved: 2025-04-16T13:49:21.689Z

Link: CVE-2025-43023

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-28T18:15:25.030

Modified: 2025-07-29T14:14:29.590

Link: CVE-2025-43023

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-43023", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "dateReserved": "2025-04-16T13:49:21.689Z", "datePublished": "2025-07-28T17:46:46.398Z", "dateUpdated": "2025-07-28T17:46:46.398Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HP Linux Imaging and Printing Software", "vendor": "HP, Inc.", "versions": [{"status": "affected", "version": "See HP security bulletin reference for affected versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).</span>"}], "value": "A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA)."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2025-07-28T17:46:46.398Z"}, "references": [{"url": "https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033"}], "source": {"discovery": "UNKNOWN"}, "title": "HP Linux Imaging and Printing Software - Use of DSA Key", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA)."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP Linux Imaging and Printing Software documentation. Esta vulnerabilidad se debe al uso de una clave de firma de c\u00f3digo d\u00e9bil, el algoritmo de firma digital (DSA)."}], "id": "CVE-2025-43023", "lastModified": "2025-07-29T14:14:29.590", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "hp-security-alert@hp.com", "type": "Secondary"}]}, "published": "2025-07-28T18:15:25.030", "references": [{"source": "hp-security-alert@hp.com", "url": "https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "hp-security-alert@hp.com", "type": "Secondary"}]}