← Back

CVE-2025-8454

nvd nist
Published: Aug 1, 2025Modified: Aug 6, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Affected (1)

Products: Debian: Devscripts
Debian
1 product
Devscripts
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Devscripts
Version 2.25.15

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (1)

Source: security@debian.org
Issue TrackingMailing List

Timeline

No history available yet.