CVE-2025-46394 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.2 LOW	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
mitre	CNA	3.2 LOW				CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Affected Products (NVD)

Vendor	Product	Version
busybox	busybox	𝑥 ≤ 1.37.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

busybox

bookworm	postponed
bullseye	postponed
bullseye (security)	vulnerable
forky	1:1.37.0-10 fixed
sid	1:1.37.0-10 fixed
trixie	postponed

Ubuntu Releases

Ubuntu Product

Codename

busybox

bionic	needed
focal	needed
jammy	needed
noble	needed
oracular	ignored
plucky	ignored
questing	needed
trusty	needed
xenial	needed

Common Weakness Enumeration

CWE-451 - User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

https://bugs.busybox.net/show_bug.cgi?id=16018

https://www.busybox.net

https://www.busybox.net/downloads/

http://www.openwall.com/lists/oss-security/2025/04/23/5

http://www.openwall.com/lists/oss-security/2025/04/24/3