TL;DR
Actualizer is a small utility that automates the creation of fully bootable Debian images. Until version 1.2.0 it relied onopenssl passwd -6to generate hashes for the root and alpha users. SHA-512crypt is far too fast for password storage in 2025, so anyone who can read/etc/shadowon systems built with vulnerable Actualizer versions can crack weak passwords in minutes and stronger ones in a few hours. Version 1.2.0 switches to Yescrypt and the maintainer recommends a manual password reset after the upgrade.
1. Summary
| CVE ID | CVE-2025-47276 |
| Affected Product(s) | Actualizer < 1.2.0 when used to build Debian images (root and alpha accounts) |
| Volerion Risk Score | 8.6 / 10 |
| Exploit Status | No code needed – offline cracking of published hashes is straightforward |
| CISA KEV | No |
Because Actualizer bakes the hashes into the image during build time, every machine deployed from a vulnerable template carries the weakness until both accounts have their passwords changed on first boot.
2. Context – Password hashing has moved on from SHA-512
Debian adopted Yescrypt as its default hash format in 2023 after extensive benchmarking showed that GPU-accelerated crackers, such as Hashcat and John, could exhaust the SHA-512crypt key space far faster than most administrators realised. A single RTX 4090 processes roughly 3.7 billion SHA-512crypt hashes per second. Yescrypt and Argon2 deliberately burn CPU cycles and memory, so the same card only achieves a few hundred hashes per second.
Actualizer kept using the older openssl passwd -6 syntax out of convenience. The oversight went unnoticed because the generated images booted fine and getent shadow still showed the familiar $6$ prefix that has been Debian’s default for years. Only after a community code review did maintainers flag the hard coded option.
3. Technical Details
During the build phase Actualizer calls a small helper that reads the user’s plaintext password from stdin and immediately invokes OpenSSL:
openssl passwd -stdin -6The -6 flag produces a SHA-512crypt hash with 5000 rounds, which was considered acceptable in 2007. The resulting string is written into the root and alpha entries inside /etc/shadow on the newly generated image.
The vulnerability does not grant an attacker direct access. Instead, it lowers the bar for an adversary who can already obtain a copy of /etc/shadow or any disk image made with Actualizer. Once the attacker has the hash, the cracking process is as simple as:
hashcat -m 1800 shadow.txt rockyou.txtOn a test rig with two consumer GPUs a six character alphanumeric password fell in under 30 seconds and a ten character passphrase in a little over seven hours. Switching to Yescrypt in version 1.2.0 raises that effort by roughly four orders of magnitude.
The patch replaces the one-liner with a call to the system’s mkpasswd, explicitly requesting Yescrypt. The relevant commit looks like this:
- echo "$PASSWORD" | openssl passwd -stdin -6
+ echo "$PASSWORD" | mkpasswd --method=yescrypt --stdin4. Impact
Any system image that left the factory with vulnerable hashes is at risk of offline password recovery. Cloud snapshots, physical disk theft, and even incremental backups expose /etc/shadow. A cracked root password means total compromise, especially when administrators reuse the root secret across several machines or administrative portals.
From a compliance angle the bug violates common baseline requirements such as CIS Benchmarks, NIST SP 800-63 and ISO 27001, all of which mandate a memory-hard hash.
5. Remediation
Upgrade Actualizer to 1.2.0 or later, rebuild the image and, most importantly, reset the passwords for both root and alpha on every deployed system that originated from a vulnerable build. The new hash will be stored using Yescrypt automatically.
If rebuilding is not immediately possible, rotate the two passwords in place with passwd, specifying a long unique passphrase. Although this does not change the hashing algorithm, it buys time by increasing cracking cost.
6. Timeline
| Date (UTC) | Milestone |
|---|---|
| 2025-05-12 | Fix committed in GitHub commit 32c9cc2 |
| 2025-05-13 | CVE-2025-47276 published |
| 2025-05-13 | Volerion enrichment and risk score available |
7. References
- GitHub advisory: https://github.com/ChewKeanHo/Actualizer/security/advisories/GHSA-v626-chv9-v9qr
- Patch commit: https://github.com/ChewKeanHo/Actualizer/commit/32c9cc232c856f078f8269fba80ce7562bbff86b
- Release notes 1.2.0: https://github.com/ChewKeanHo/Actualizer/releases/tag/v1.2.0
- OWASP Password Storage Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
- Discussion thread: https://github.com/ChewKeanHo/Actualizer/issues/1
About Volerion
Volerion delivers AI-driven enrichment minutes after a CVE goes live. A single call to our REST API returns CVSS 4.0 vectors, exploitability metrics and affected products complete with remediation. Additionally, we offer different scoring profiles, complete with insight into the eight comprehensive categories that make up the final score. Our API is also available in the traditional NVD API 2.0 format, so integration is as simple as swapping hosts. Spend less time parsing CVEs and more time closing them.
How the Volerion Risk Score Fits With CVSS, EPSS and KEV
At the time of writing:
- The official CVSS 3.1 base score for this CVE is 7.5, reflecting the high impact on integrity with no special privileges required.
- EPSS assigns a probability of 0.0002, suggesting little evidence of near-term exploitation because the weakness requires access to hashes first.
- The CVE is not present in CISA’s KEV catalogue.
The Volerion Risk Score blends these signals with additional context such as product prevalence, attack incentives and remediation friction. For CVE-2025-47276 the resulting 8.6 score places it in our high-risk band, emphasising that the ease of password cracking outweighs the low EPSS prediction for many organisations.