CVE-2025-8095

UNKNOWN 0.0

Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.

CWE	CWE-257
Vendor	progress software corporation
Product	openedge
Published	Apr 14, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for progress software corporation openedge

Be the first to know when new unknown vulnerabilities affecting progress software corporation openedge are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Progress Software Corporation / OpenEdge

12.2.0 ≤ 12.2.18 12.8.0 ≤ 12.8.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.progress.com: https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection

Credits

Thomas Riedmaier, Siemens Energy