Main Vulnerability Database SB2025110753

SB2025110753 - SUSE update for gpg2

Published: November 7, 2025

Security Bulletin ID SB2025110753

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2025-30258)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to disable signature verification.

The vulnerability exists due to an error when handling subkey data. A remote attacker can trick the victim into importing a specially crafted certificate with subkey data that lacks a valid backsig or that has incorrect usage flags and disable signature verification for other signing keys.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20253986-1/

SB2025110753 - SUSE update for gpg2

Breakdown by Severity

Description

Remediation

References

Please verify you're human