4.3

CVE-2025-1057

EPSS 0.05%
Veröffentlicht 15.03.2025 08:50:48
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Keylime: keylime registrar dos due to incompatible database entry handling

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/keylime/keylime

≫

Paket keylime

Default Statusunaffected

Version 7.12.0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusunaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.141

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://access.redhat.com/security/cve/CVE-2025-1057

https://bugzilla.redhat.com/show_bug.cgi?id=2343894

https://nvd.nist.gov/vuln/detail/CVE-2025-1057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1057

EUVD