Ghostwire

CVE-2024-27354: phpseclib: guardrails needed on isPrime and randomPrime

HIGH CVSS 7.5 Exploit Available

Published: May 6, 2026 | Last Modified: May 6, 2026

Description

phpseclib: guardrails needed on isPrime and randomPrime

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/phpseclib/phpseclib/security/advisories/GHSA-2528-jw5q-ww88
nvd.nist.gov/vuln/detail/CVE-2024-27354
github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-
github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
lists.debian.org/debian-lts-announce/2024/03/msg00002.html
lists.debian.org/debian-lts-announce/2024/03/msg00003.html
github.com/advisories/GHSA-2528-jw5q-ww88
www.tenable.com/cve/CVE-2024-27354
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2024-27354