How severe is CVE-2025-24904?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.5 out of 10.

What type of vulnerability is CVE-2025-24904?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-24904 - HIGH Severity | CVSS 8.5

Vulnerability Description

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and may have been able to bypass the end-to-end encryption and authentication. The vulnerability is fixed per 82d70f6720e762898f34ae76b0894b0297d9b2f8. The `Metadata` struct contains an additional `was_encrypted` field, which breaks the API, but should be easily resolvable. No known workarounds are available.

Related Vulnerabilities

CVE-2017-18786

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R...

CWE-742017

CVE-2017-18787

HIGH

CVSS:8.4(High)

CWE-742017

CVE-2017-18792

HIGH

CVSS:8.4(High)

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

CWE-742017

CVE-2017-18794

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7...

CWE-742017

CVE-2017-18849

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before...

CWE-742017

CVE-2020-16087

HIGH

CVSS:8.6(High)

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted...

CWE-742020