CVE-2025-4658
EUVD-2025-14477
13.05.2025, 17:16
Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openpubkey | openpubkey | 𝑥 < 0.10.0 |
| openpubkey | opkssh | 𝑥 < 0.5.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-305 - Authentication Bypass by Primary Weakness: The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
- CWE-347 - Improper Verification of Cryptographic Signature: The software does not verify, or incorrectly verifies, the cryptographic signature for data.