Vulnerability in Progress Software Corporation Openedge

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considere…

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

Affected products

Progress Software Corporation Openedge — versions 12.2.0, 12.8.0

Weakness classification (CWE)

CWE-257 — Storing Passwords in a Recoverable Format

References

community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-P…