Lucene search
K

5 matches found

SUSE CVE
SUSE CVE
added 2025/11/09 12:23 a.m.6 views

SUSE CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9CVSS6.4AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2025/10/15 8:15 p.m.8 views

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9CVSS0.0019EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/15 8:12 p.m.9 views

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents

Impact This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS Instance Metadata Service impersonation.^1 There are multiple...

6.9CVSS6.9AI score0.0019EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2025/10/15 7:23 p.m.6 views

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9CVSS5.4AI score0.0019EPSS
Exploits0
CVE
CVE
added 2025/10/15 7:23 p.m.17 views

CVE-2025-62375

The CVE describes an improper verification in the AWS attestor used by go-witness and witness. In affected versions, the attestor can accept forged AWS EC2 instance identity documents when a signature is absent/empty or RSA verification fails, and it relies on a legacy global AWS certificate inst...

6.9CVSS6.2AI score0.0019EPSS
Exploits0References2
Rows per page
Query Builder