PT-2025-34839 · Unknown · Editso Fuso
Dev03301 · Published 2025-08-27 · Updated 2025-08-27 · CVE-2025-9513
CVSS v3.1: 3.7 (Low)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
editso fuso versions up to 1.0.4-beta.7
Description:
A flaw exists due to inadequate encryption strength caused by the manipulation of the priv key argument within the PenetrateRsaAndAesHandshake function located in the src/net/penetrate/handshake/mod.rs file. Remote exploitation is possible, but requires a high degree of complexity and is considered difficult to execute.
Recommendations:
Versions prior to 1.0.4-beta.7: Address the inadequate encryption strength in the PenetrateRsaAndAesHandshake function by carefully validating and sanitizing the priv key argument.
As a temporary workaround, consider restricting access to the PenetrateRsaAndAesHandshake function until a more permanent solution is implemented.
Fix
Inadequate Encryption Strength
Related Identifiers
Affected Products
Editso Fuso