How severe is CVE-2025-1243?

This vulnerability has a severity rating of LOW with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-1243?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2025-1243 - LOW Severity | CVSS N/A

Vulnerability Description

The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted.

Related Vulnerabilities

CVE-2017-9632

CRITICAL

CVSS:9.8(Critical)

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserW...

CWE-3112017

CVE-2017-9854

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. Thes...

CWE-3112017

CVE-2018-10698

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff t...

CWE-3112018

CVE-2018-13992

CRITICAL

CVSS:9.8(Critical)

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

CWE-3112018

CVE-2018-17915

CRITICAL

CVSS:9.8(Critical)

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allo...

CWE-3112018

CVE-2018-20100

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data ...

CWE-3112018