PT-2025-20825 · Unknown+2 · Actualizer+2

Published: 2025-05-13 · Updated: 2025-05-22 · CVE-2025-47276

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Actualizer versions prior to 1.2.0
Description: The issue concerns the use of OpenSSL's -passwd function, which uses SHA512 for password hashing, a less suitable algorithm. All Actualizer users building a full Debian Operating System are affected. The estimated number of potentially affected devices is not specified. To resolve the issue, users should upgrade to version 1.2.0 of Actualizer. For existing OS deployments, the passwords of the root and Alpha accounts must be changed manually. The change will deploy Debian's yescrypt, overriding the older SHA512 hash created by OpenSSL.
Recommendations: For versions prior to 1.2.0, upgrade to version 1.2.0 of Actualizer. As a temporary workaround, reset the passwords of both the root and Alpha users. Restrict access to the root and Alpha accounts until their passwords have been changed.
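To confirm on an existing deployment that the password change actually replaced the SHA512 hash, the scheme prefix of each account's entry in the shadow file can be checked. The following is an added example, not code from Actualizer or from the advisory; it assumes the standard crypt(5) prefixes (`$6$` for sha512crypt, `$y$` for yescrypt), assumes the Alpha account's login name is `alpha` (matched case-insensitively), and runs on constructed sample entries whose hash bodies are placeholders.

```python
# Added example: report which password hashing scheme each account uses.
# Prefixes follow crypt(5); order matters only for readability.
SCHEMES = [
    ("$y$", "yescrypt"),
    ("$gy$", "gost-yescrypt"),
    ("$7$", "scrypt"),
    ("$2", "bcrypt"),          # covers $2a$, $2b$, $2y$
    ("$6$", "sha512crypt"),    # what the affected builds produced
    ("$5$", "sha256crypt"),
    ("$1$", "md5crypt"),
]

def classify(field):
    """Return the scheme name for the second field of a shadow entry."""
    if field == "":
        return "empty"
    stored = field.lstrip("!*")  # a leading ! or * locks the account
    if stored == "":
        return "locked"
    for prefix, name in SCHEMES:
        if stored.startswith(prefix):
            return name
    return "unknown"

def audit(shadow_text, accounts=("root", "alpha")):
    """Map each audited account to (scheme, needs_reset)."""
    wanted = {a.lower() for a in accounts}
    findings = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].lower() not in wanted:
            continue
        scheme = classify(parts[1])
        # Anything other than yescrypt (or a locked, hash-less account)
        # still needs the manual password change.
        findings[parts[0]] = (scheme, scheme not in ("yescrypt", "locked"))
    return findings

# Constructed sample in /etc/shadow format; salts and hashes are placeholders.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHBODY:20000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alpha:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASHBODY:20200:0:99999:7:::
"""

if __name__ == "__main__":
    for user, (scheme, needs_reset) in audit(SAMPLE).items():
        print(f"{user}: {scheme}{' -> change password' if needs_reset else ''}")
```

On a real system, pass the contents of `/etc/shadow` (readable by root only) to `audit` in place of `SAMPLE`.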

Related Identifiers

CVE-2025-47276
GHSA-V626-CHV9-V9QR

Affected Products

Actualizer
Debian
OpenSSL