CVE-2025-2885

Published Mar 27, 2025

Last updated 8 days ago

CVSS medium 5.7

Overview

Description
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

ff89ba41-3aa1-4d27-914a-91399e9639e5
CWE-1288

Social media

Hype score
Not currently trending

  1. CVE-2025-2885 Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the … https://t.co/xyboSyWH5S

    @CVEnew

    29 Mar 2025

    315 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References