- Description
- In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 2.7
- Impact score
- 1.4
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
- Severity
- LOW
- cve@mitre.org
- CWE-754
- Hype score
- Not currently trending
CVE-2025-30258 03/19/2025 08:15:20 PM BaseSeverity: LOW In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to ver... https://t.co/z8t2boS5dd
@CVETracker
20 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the us… https://t.co/oeVdVK0uZF
@CVEnew
19 Mar 2025
399 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes