CVE-2025-70888

Опубликовано: 25 мар. 2026

Источник: redhat

CVSS3: 10

Описание

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component

A flaw was found in osslsigncode. A remote attacker can exploit an issue within the osslsigncode.c component to escalate privileges. This vulnerability allows an attacker to gain elevated access, potentially leading to unauthorized control over the affected system.

Отчет

This Critical flaw in osslsigncode allows a remote attacker to escalate privileges. However, Red Hat products are unaffected because they do not ship the package. Additionally, the vulnerable code is not present in the osslsigncode packages shipped with Fedora.

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-266

https://bugzilla.redhat.com/show_bug.cgi?id=2451443osslsigncode: Osslsigncode: Remote privilege escalation

10 Critical

CVSS3

Связанные уязвимости

CVE-2025-70888

CVSS3: 9.8

ubuntu

8 дней назад

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component

CVE-2025-70888

CVSS3: 9.8

nvd

8 дней назад

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component

CVE-2025-70888

msrc

5 дней назад

Описание отсутствует

CVE-2025-70888

CVSS3: 9.8

debian

8 дней назад

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows ...

GHSA-m387-6h4v-93hp

CVSS3: 9.8

github

8 дней назад

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component

10 Critical

CVSS3