#VU106241 Comparison using wrong factors in tough - CVE-2025-2888

 


Published: March 28, 2025


Vulnerability identifier: #VU106241
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-2888
CWE-ID: CWE-1025
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: tough
Software vendor: Amazon Web Services

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists because timestamp metadata is cached when it fails the snapshot rollback check. A remote administrator can cause the affected software to subsequently misidentify valid timestamp metadata as rolled back, preventing the client from consuming valid updates.
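
The caching flaw described above, modelled as an added Rust example (not tough's code or API): the `Client`, `Timestamp` and `UpdateError` types, the `commit_before_check` switch and all version numbers are constructed for illustration. It assumes the later rejection comes from comparing the timestamp version against the cached copy, and contrasts caching before the snapshot rollback check with caching only after it passes.

```rust
// Simplified model of a TUF client cache (hypothetical types, not tough's API).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Timestamp {
    pub version: u64,          // version of the timestamp metadata itself
    pub snapshot_version: u64, // snapshot version this timestamp points to
}

#[derive(Debug, PartialEq)]
pub enum UpdateError { TimestampRollback, SnapshotRollback }

pub struct Client {
    pub cached: Timestamp,
    pub commit_before_check: bool, // true models the flawed ordering
}

impl Client {
    pub fn update(&mut self, new: Timestamp) -> Result<(), UpdateError> {
        if new.version < self.cached.version {
            return Err(UpdateError::TimestampRollback);
        }
        let trusted_snapshot = self.cached.snapshot_version;
        if self.commit_before_check {
            self.cached = new; // flaw: cached before the snapshot check
        }
        if new.snapshot_version < trusted_snapshot {
            return Err(UpdateError::SnapshotRollback);
        }
        self.cached = new; // cache only after every check has passed
        Ok(())
    }
}

/// Feeds one rejected timestamp, then a valid one, and returns the second result.
pub fn replay(commit_before_check: bool) -> Result<(), UpdateError> {
    let mut client = Client {
        cached: Timestamp { version: 7, snapshot_version: 5 },
        commit_before_check,
    };
    // Constructed input: newer timestamp that points at an older snapshot.
    let bad = Timestamp { version: 10, snapshot_version: 3 };
    assert_eq!(client.update(bad), Err(UpdateError::SnapshotRollback));
    // Constructed input: the repository's genuine next timestamp.
    client.update(Timestamp { version: 8, snapshot_version: 6 })
}

fn main() {
    println!("flawed ordering:  {:?}", replay(true));
    println!("checked ordering: {:?}", replay(false));
}
```

In the flawed ordering the rejected timestamp stays in the cache, so the genuine timestamp that follows is refused as a rollback; with the check placed before the cache write, the same sequence succeeds.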


Remediation

Install updates from vendor's website.
