GO-2025-4112 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves in github.com/evervault/evervault-go

Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves in github.com/evervault/evervault-go...

GHSA-88H9-77C7-P6W4 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves

Summary A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is...

CVE-2025-64186

Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...

CVE-2025-64186 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves

Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...

CVE-2025-64186 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves

Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...

Evervault Go SDK 数据伪造问题漏洞

Evervault Go SDK is an open source development toolkit from Evervault. A Data Forgery Issue vulnerability exists in Evervault Go SDK versions prior to 1.3.2, which stems from incomplete validation logic that could lead to trusting an enclave operator that does not meet integrity guarantees...

PT-2025-46716

Name of the Vulnerable Software and Affected Versions Evervault-go versions prior to 1.3.2 Description A flaw exists in the attestation verification logic of the evervault-go SDK. This issue could allow incomplete documents to pass validation, potentially leading a client to trust an enclave...