Cyber Resilience

CVE-2025-63912

High · Public PoC

Published: 03 March 2026

Modified: 10 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0001 (0.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-63912 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Cohesity TranZman. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 0.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2025-63912 is a vulnerability in the Cohesity TranZman Migration Appliance Release 4.0 Build 14614, where a weak cryptography algorithm (CWE-327) is used for data encryption. This flaw enables attackers to trivially reverse the encryption and expose credentials. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact from network-based attacks.

Remote attackers require no privileges or user interaction to exploit this vulnerability. Successful exploitation allows them to decrypt protected data and retrieve sensitive credentials stored within the appliance.

Further details, including potential mitigation guidance, are available in the following references: https://gist.github.com/GregDurys/4c2765d76272cda64dfc78f7a75a9251 and https://github.com/GregDurys/Cohesity-TranZman-CVEs.

EU & UK References

Vulnerability details

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encryption and expose credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552 · Unsecured Credentials · Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

Why these techniques?

Weak cryptography (CWE-327) in a network-accessible appliance directly enables remote, unauthenticated decryption of stored credentials (T1190 + T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-63910 · Same product: Cohesity TranZman
CVE-2025-63911 · Same product: Cohesity TranZman
CVE-2025-67840 · Same product: Cohesity TranZman
CVE-2025-63909 · Same product: Cohesity TranZman
CVE-2024-43178 · Shared CWE-327
CVE-2024-27256 · Shared CWE-327
CVE-2026-27519 · Shared CWE-327
CVE-2024-22347 · Shared CWE-327
CVE-2025-68702 · Shared CWE-327
CVE-2025-14480 · Shared CWE-327

Affected Assets

Vendor: cohesity · Product: tranzman · Version: 4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires approved cryptographic algorithms and prohibits weak algorithms such as the one used in CVE-2025-63912 for protecting credentials.

Prevent: Mandates cryptographic protection of information at rest, directly preventing exposure of stored credentials via weak encryption on the appliance.

Prevent: Requires secure management and protection of authenticators, which would be undermined by the weak encryption flaw allowing credential exposure.

References