GHSA-88H9-77C7-P6W4 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves

Summary A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is...

CVE-2025-64186

Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...

CVE-2025-64186 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves

Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...

PT-2025-46716

Name of the Vulnerable Software and Affected Versions Evervault-go versions prior to 1.3.2 Description A flaw exists in the attestation verification logic of the evervault-go SDK. This issue could allow incomplete documents to pass validation, potentially leading a client to trust an enclave...