Lucene search
K

CVE-2025-2885 Root metadata version not validated in tough

๐Ÿ—“๏ธย 27 Mar 2025ย 22:18:11Reported byย AMZNTypeย 
cvelist
ย cvelist
๐Ÿ”—ย www.cve.org๐Ÿ‘ย 21ย Views

Root metadata version validation flaw could enable arbitrary version supply; upgrade to tough 0.20.0+.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
Circl
CVE-2025-2885
27 Mar 202522:36
โ€“circl
CNNVD
Amazon tough ๅฎ‰ๅ…จๆผๆดž
27 Mar 202500:00
โ€“cnnvd
CVE
CVE-2025-2885
27 Mar 202522:18
โ€“cve
EUVD
EUVD-2025-8666
3 Oct 202520:07
โ€“euvd
Github Security Blog
tough root metadata version is not checked for sequential versioning
28 Mar 202522:12
โ€“github
NVD
CVE-2025-2885
27 Mar 202523:15
โ€“nvd
OSV
CVE-2025-2885 Root metadata version not validated in tough
27 Mar 202522:18
โ€“osv
OSV
GHSA-5VMP-M5V2-HX47 tough root metadata version is not checked for sequential versioning
28 Mar 202522:12
โ€“osv
RedhatCVE
CVE-2025-2885
29 Mar 202522:43
โ€“redhatcve
vulnersOsv
tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2025-2885 via tough (>=0.10.0 <=0.1.0)
28 Mar 202522:12
โ€“vulnersosv
Rows per page
[
  {
    "defaultStatus": "unaffected",
    "product": "tough",
    "repo": "https://github.com/awslabs/tough",
    "vendor": "AWS",
    "versions": [
      {
        "lessThan": "0.20.0",
        "status": "affected",
        "version": "0.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation