CVE-2025-2516

Name of the Vulnerable Software and Affected Versions WPS Office (Kingsoft) versions (affected versions not specified)

Description The issue involves the use of a weak cryptographic key pair in the signature verification process, allowing an attacker who successfully recovered the private key to sign components. Additionally, older versions of the software did not validate the update server's certificate, making them vulnerable to Adversary-In-The-Middle attacks, which could result in updates being hijacked.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.