4.3

CVE-2025-1057

EPSS 0.06%
Published 15.03.2025 08:50:48
Last modified 15.03.2025 09:15:10
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/keylime/keylime

≫

Package keylime

Default Statusunaffected

Version 7.12.0

Status affected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 10

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusunaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.185

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://access.redhat.com/security/cve/CVE-2025-1057

https://bugzilla.redhat.com/show_bug.cgi?id=2343894

https://nvd.nist.gov/vuln/detail/CVE-2025-1057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1057

EUVD