CVE-2025-8095: CWE-257 in Progress Software Corporation OpenEdge
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.
AI Analysis
Technical Summary
The OECH1 prefix encoding in OpenEdge versions 12.2.0 and 12.8.0 is cryptographically weak and exploitable, failing to provide adequate protection for stored data. This encoding should be replaced by other supported prefix encodings based on symmetric encryption to mitigate the risk. The vulnerability is tracked as CWE-257, indicating the use of a hard-coded or weak cryptographic key or encoding. There is no vendor advisory or patch available at this time, and the vulnerability has a critical CVSS 4.0 score of 9.1, reflecting high impact and ease of exploitation.
Potential Impact
The cryptographic weakness in OECH1 prefix encoding can lead to exposure of obfuscated values across the OpenEdge platform, potentially compromising sensitive data. Given the critical severity and high CVSS score, exploitation could result in significant confidentiality and integrity impacts. However, no known exploits have been reported in the wild so far.
Mitigation Recommendations
No official patch or remediation level has been provided by the vendor yet. Users should immediately replace OECH1 prefix encodings with any other supported prefix encoding methods that use symmetric encryption as recommended. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2025-8095: CWE-257 in Progress Software Corporation OpenEdge
Description
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The OECH1 prefix encoding in OpenEdge versions 12.2.0 and 12.8.0 is cryptographically weak and exploitable, failing to provide adequate protection for stored data. This encoding should be replaced by other supported prefix encodings based on symmetric encryption to mitigate the risk. The vulnerability is tracked as CWE-257, indicating the use of a hard-coded or weak cryptographic key or encoding. There is no vendor advisory or patch available at this time, and the vulnerability has a critical CVSS 4.0 score of 9.1, reflecting high impact and ease of exploitation.
Potential Impact
The cryptographic weakness in OECH1 prefix encoding can lead to exposure of obfuscated values across the OpenEdge platform, potentially compromising sensitive data. Given the critical severity and high CVSS score, exploitation could result in significant confidentiality and integrity impacts. However, no known exploits have been reported in the wild so far.
Mitigation Recommendations
No official patch or remediation level has been provided by the vendor yet. Users should immediately replace OECH1 prefix encodings with any other supported prefix encoding methods that use symmetric encryption as recommended. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- ProgressSoftware
- Date Reserved
- 2025-07-23T16:36:12.176Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69de455082d89c981f9c8aa2
Added to database: 4/14/2026, 1:46:56 PM
Last enriched: 4/14/2026, 2:01:49 PM
Last updated: 4/14/2026, 3:33:40 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.