Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Dec 17, 2025

CVE-2025-47222

Description

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside.

Affected products

Keyfactor/SignServerdescription
Keyfactor/SignServerllm-fuzzy
Range: <7.3.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.keyfactor.com/signserver/latest/signserver-7-3-release-notesmitre
support.keyfactor.commitre
support.keyfactor.com/hc/en-us/articles/37639174814235-SignServer-CVE-2025-47222-Class-name-enumerationmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000