8.2

CVE-2025-13609

EPSS 0.09%
Veröffentlicht 24.11.2025 18:15:49
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Keylime: keylime: registrar allows identity takeover via duplicate uuid registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

CNA 7 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerKeylime Project

≫

Produkt keylime

Default Statusunaffected

Version 0

Version < 7.14.0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version 0:7.12.1-11.el10_1.3

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10.0 Extended Update Support

Default Statusaffected

Version 0:7.12.1-2.el10_0.4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:7.12.1-11.el9_7.3

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version 0:6.5.2-6.el9_2.1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version 0:7.3.0-13.el9_4.1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.6 Extended Update Support

Default Statusaffected

Version 0:7.3.0-15.el9_6.1

Version < *

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.259

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	8.2	2.3	5.3	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

CWE-694 Use of Multiple Resources with Duplicate Identifier

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

https://access.redhat.com/security/cve/CVE-2025-13609

https://bugzilla.redhat.com/show_bug.cgi?id=2416761

https://access.redhat.com/errata/RHSA-2025:23201

https://access.redhat.com/errata/RHSA-2025:23210

https://access.redhat.com/errata/RHSA-2025:23628

https://access.redhat.com/errata/RHSA-2025:23735

https://access.redhat.com/errata/RHSA-2025:23852

https://access.redhat.com/errata/RHSA-2026:0429

https://github.com/keylime/keylime/issues/1820

https://nvd.nist.gov/vuln/detail/CVE-2025-13609

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13609

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13609

EUVD