CVE-2025-29991

Published Apr 3, 2025

Last updated 3 days ago

CVSS low 2.2

Overview

Description
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
2.2
Impact score
1.4
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

cve@mitre.org
CWE-1390

Social media

Hype score
Not currently trending

References