CVE-2025-8095— Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-8095
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge
Source: NVD (National Vulnerability Database)
Vulnerability Description
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
以可恢复格式存储口令
Source: NVD (National Vulnerability Database)
Vulnerability Title
Progress OpenEdge 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Progress OpenEdge是美国Progress公司的一个企业级应用开发与数据库管理平台。 Progress OpenEdge存在安全漏洞,该漏洞源于OECH1前缀编码加密强度弱,可能导致编码被利用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Progress Software Corporation | OpenEdge | 12.2.0 ~ 12.2.18 | - |
II. Public POCs for CVE-2025-8095
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-8095
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: OpenEdge
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2025-7388
Authenticated Command Injection via configuration parameter - CVE-2024-7346
Client connections using default TLS certificates from OpenE - CVE-2024-7345
Direct local client connections to MS Agents can bypass auth - CVE-2024-7654
Unauthenticated Content Injection in OpenEdge Management web
Same vendor: Progress Software Corporation
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2025-7388
Authenticated Command Injection via configuration parameter - CVE-2025-2572
WhatsUp Gold NmConfigurationManager.exe database manipulatio - CVE-2025-1968
Progress Sitefinity 代码问题漏洞 - CVE-2024-6097
Absolute Path Traversal Vulnerability
Same weakness: CWE-257
- CVE-2026-22574
Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 安全漏洞 - CVE-2026-22576
Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 安全漏洞 - CVE-2016-15058
Hirschmann HiLCOS Classic Platform Password Exposure via SNM - CVE-2026-22614
Eaton Easysoft 安全漏洞 - CVE-2026-30785
RustDesk Encrypts Local Passwords with World-Readable Machin
V. Comments for CVE-2025-8095
No comments yet