CVE-2025-1057

Sažetak

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.

Reference

https://access.redhat.com/security/cve/CVE-2025-1057
https://bugzilla.redhat.com/show_bug.cgi?id=2343894

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Zadnje važnije ažuriranje

15-03-2025 - 09:15

Objavljeno

15-03-2025 - 09:15