SB2025021483 - Improper Validation of Specified Type of Input in keylime



SB2025021483 - Improper Validation of Specified Type of Input in keylime

Published: February 14, 2025 Updated: May 7, 2026

Security Bulletin ID SB2025021483
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Validation of Specified Type of Input (CVE-ID: CVE-2025-1057)

CWE-ID: CWE-1287 - Improper Validation of Specified Type of Input

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper validation of specified type of input in the registrar database handling logic when processing queries against agent registration data stored by earlier versions. A remote attacker can create multiple valid agent registrations with different UUIDs before the update to cause a denial of service.

User interaction is required, and exploitation occurs in an update scenario after data has been populated by versions >= 7.8.0.


Remediation

Install update from vendor's website.