Vulnerability in Kingsoft Wps Office

CVE-2025-2516

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not v…

EPSS: 0.002 (41.8th percentile) — read the EPSS interpretation.

Affected products

Kingsoft Wps Office — versions 12.1.0.18276

Weakness classification (CWE)

CWE-326 — Inadequate Encryption Strength

References

www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-impla…