High severity7.5NVD Advisory· Published Oct 10, 2017· Updated May 13, 2026
CVE-2015-7503
CVE-2015-7503
Description
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zendframework/zendframeworkPackagist | >= 2.5.0, < 2.5.2 | 2.5.2 |
zendframework/zend-cryptPackagist | >= 2.0.0, < 2.4.9 | 2.4.9 |
zendframework/zend-cryptPackagist | >= 2.5.0, < 2.5.2 | 2.5.2 |
zendframework/zendframeworkPackagist | >= 2.0.0, < 2.4.9 | 2.4.9 |
Affected products
11cpe:2.3:a:zend:zend_framework:2.4.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:zend:zend_framework:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:2.5.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- framework.zend.com/security/advisory/ZF2015-10nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-pm9m-w23q-5967ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-7503ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yamlghsaWEB
News mentions
0No linked articles in our index yet.