Improper Validation of Specified Type of Input in keylime - CVE-2025-1057


Published: February 14, 2025 / Updated: May 7, 2026


Vulnerability identifier: #VU130491
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-1057
CWE-ID: CWE-1287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Keylime
Affected software:
keylime

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper validation of the type of agent registration data read by the registrar. After the update, the registrar's database handling rejects registration records that were written by earlier versions, so a query that touches such a record fails instead of being served. A remote attacker can create multiple valid agent registrations with different UUIDs before the update so that, once the registrar is updated, requests involving those records fail, causing a denial of service.

User interaction is required (the update itself), and exploitation only occurs in an update scenario, after the registrar database has been populated by versions >= 7.8.0.
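The failure mode above, as an added illustration that is not Keylime's code: a registrar-style store where records written by an older version carry a field in a different type than the updated reader expects. The field choice (`port` stored as text by the legacy writer) and all function names are hypothetical, and the sample rows are constructed. The naive reader lets one legacy row abort every lookup; the hardened reader migrates known legacy shapes and quarantines rows that still fail, so pre-update registrations cannot take the whole service down.

```python
import uuid
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple


@dataclass(frozen=True)
class AgentRecord:
    agent_id: str
    ip: str
    port: int


class SchemaError(ValueError):
    """Raised when a stored row does not match the expected field types."""


def write_row_legacy(agent_id: str, ip: str, port: int) -> Dict[str, Any]:
    """Hypothetical pre-update writer: stores the port as text."""
    return {"agent_id": agent_id, "ip": ip, "port": str(port)}


def write_row_current(agent_id: str, ip: str, port: int) -> Dict[str, Any]:
    """Hypothetical post-update writer: stores the port as an integer."""
    return {"agent_id": agent_id, "ip": ip, "port": port}


def validate_record(row: Dict[str, Any]) -> AgentRecord:
    """Strict type validation applied on read after the update (CWE-1287 trigger)."""
    if not isinstance(row.get("agent_id"), str):
        raise SchemaError(f"agent_id must be str: {row!r}")
    if not isinstance(row.get("ip"), str):
        raise SchemaError(f"ip must be str: {row!r}")
    port = row.get("port")
    # bool is a subclass of int in Python; reject it explicitly
    if isinstance(port, bool) or not isinstance(port, int):
        raise SchemaError(f"port must be int: {row!r}")
    return AgentRecord(row["agent_id"], row["ip"], port)


def migrate_row(row: Dict[str, Any]) -> Dict[str, Any]:
    """Coerce the known legacy shape (port as a digit string) to the current type."""
    migrated = dict(row)
    port = migrated.get("port")
    if isinstance(port, str) and port.isdigit():
        migrated["port"] = int(port)
    return migrated


def list_agents_naive(rows: List[Dict[str, Any]]) -> List[AgentRecord]:
    """Vulnerable pattern: the first legacy row raises and the whole query fails."""
    return [validate_record(r) for r in rows]


def list_agents_hardened(rows: List[Dict[str, Any]]) -> Tuple[List[AgentRecord], List[str]]:
    """Per-row handling: migrate what is known, quarantine what still fails, serve the rest."""
    valid: List[AgentRecord] = []
    quarantined: List[str] = []
    for row in rows:
        try:
            valid.append(validate_record(migrate_row(row)))
        except SchemaError:
            quarantined.append(str(row.get("agent_id")))
    return valid, quarantined


# Constructed registrar contents: three registrations an attacker created
# before the update (legacy shape), one post-update row, and one row whose
# port cannot be migrated at all.
GARBAGE_AGENT_ID = str(uuid.UUID(int=99))


def build_sample_db() -> List[Dict[str, Any]]:
    legacy = [write_row_legacy(str(uuid.UUID(int=i)), f"10.0.0.{i}", 9002) for i in range(1, 4)]
    current = [write_row_current(str(uuid.UUID(int=10)), "10.0.1.1", 9002)]
    garbage = [{"agent_id": GARBAGE_AGENT_ID, "ip": "10.0.2.1", "port": "none"}]
    return legacy + current + garbage


if __name__ == "__main__":
    db = build_sample_db()
    try:
        list_agents_naive(db)
    except SchemaError as exc:
        print("naive reader failed on legacy data:", exc)
    valid, quarantined = list_agents_hardened(db)
    print(f"hardened reader served {len(valid)} agents, quarantined {quarantined}")
```

The practitioner takeaway is that a type check added on the read path must either migrate the data already on disk or fail per record; failing per query turns pre-existing, attacker-controllable rows into a denial of service against every client.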


How to mitigate CVE-2025-1057

Install the security update from the vendor's website. Because the failure is triggered by registration records already present in the registrar database, verify after updating that the registrar still answers requests for agents registered before the update.

Sources