216.73.217.86

CVE-2025-30258

· Published 19/03/2025 20:15 · Modified 19/03/2025 20:15

Labels: CVE-2025-30258 2025-03-19CVE-2025-30258CWE-754[email protected]

Essential information

Published
19/03/2025 20:15
Modified
19/03/2025 20:15
Author
Creator
CVSS
2.7 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

CVSS metrics

Description

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gnupg / gnupg cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*

References