4.7

CVE-2025-30258

Exploit
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnupgGnupg Version < 2.4.8
GnupgGnupg Version >= 2.5.0 < 2.5.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.075
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org 2.7 1 1.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
Vendor Advisory
Mailing List
Release Notes
https://dev.gnupg.org/T7527
Exploit
Issue Tracking
https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
Issue Tracking