Lucene search
+L

4 matches found

vulnersosv
vulnersosv
added 2025/03/28 2:49 p.m.5 views

tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2025-2888 via tough (>=0.10.0 <=0.1.0)

tough CARGO version =0.10.0, =0.2.0, =0.5.0, =0.1.0, =0.9.0 Source cves: CVE-2025-2888 Source advisory: OSV:GHSA-76G3-38JV-WXH4...

5.7CVSS5.8AI score0.00307EPSS
Exploits0
vulnrichment
vulnrichment
added 2025/03/27 10:23 p.m.6 views

CVE-2025-2888 Improper timestamp caching during snapshot rollback in tough

During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20...

5.7CVSS7.3AI score0.00307EPSS
Exploits0References3
cve
cve
added 2025/03/27 10:23 p.m.70 views

CVE-2025-2888

CVE-2025-2888 affects the Amazon tough client (The Update Framework) where, during a snapshot rollback, the client incorrectly caches timestamp metadata. If the next update checks this cache, update timestamp validation may fail, blocking subsequent updates until the cache is cleared. The issue i...

5.7CVSS6.8AI score0.00307EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/03/27 10:23 p.m.31 views

CVE-2025-2888 Improper timestamp caching during snapshot rollback in tough

During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20...

5.7CVSS0.00307EPSS
Exploits0References3
Rows per page
Query Builder