Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/29 10:43 p.m.19 views

CVE-2025-2885

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure...

5.7CVSS7.6AI score0.00307EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/03/28 10:12 p.m.4 views

tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2025-2885 via tough (>=0.10.0 <=0.1.0)

tough CARGO version =0.10.0, =0.2.0, =0.5.0, =0.1.0, =0.9.0 Source cves: CVE-2025-2885 Source advisory: OSV:GHSA-5VMP-M5V2-HX47...

5.7CVSS5.8AI score0.00307EPSS
Exploits0
Cvelist
Cvelist
added 2025/03/27 10:18 p.m.22 views

CVE-2025-2885 Root metadata version not validated in tough

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure...

5.7CVSS0.00307EPSS
Exploits0References3
CVE
CVE
added 2025/03/27 10:18 p.m.64 views

CVE-2025-2885

CVE-2025-2885 affects the Tough root-metadata handling in the Amazon Tough (Rust) client library. The root metadata version number validation is missing, allowing an attacker to supply an arbitrary version instead of the intended one, which could cause the client to fetch a different or outdated ...

5.7CVSS7AI score0.00307EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder