CVE-2025-47222

MEDIUM
Published Nov 13, 2025 Modified Dec 17, 2025 CWE-284

Description

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside.

CVSS v3.1 Score

6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Weakness Type (CWE)

CWE-284 CWE-284

Affected Products

Vendor Product
keyfactor signserver

References

Frequently Asked Questions

What is CVE-2025-47222? +
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside. It has a CVSS v3.1 base score of 6.5 (MEDIUM).
How severe is CVE-2025-47222? +
CVE-2025-47222 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-47222? +
CVE-2025-47222 affects products from keyfactor, specifically: signserver. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-47222? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-47222 — free, no signup required.

Start Free Scan