Skip to main content

Mender Client CVE-2025-67903

MEDIUM
Improper Verification of Cryptographic Signature (CWE-347)
2026-05-27 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
May 29, 2026 - 16:47 vuln.today
CVSS changed
May 29, 2026 - 16:27 NVD
5.3 (MEDIUM)
CVE Published
May 27, 2026 - 18:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.

AnalysisAI

Cryptographic signature verification bypass in Northern.tech Mender Client 5 (before 5.0.4) allows unauthenticated remote attackers to circumvent JWT-based authentication controls. Tagged as both an Authentication Bypass and a JWT Attack, this CWE-347 flaw means the client fails to properly validate cryptographic signatures on tokens, potentially enabling unauthorized access to protected functionality or data. No public exploit code has been identified at time of analysis, and the low EPSS score of 0.02% (5th percentile) suggests exploitation is not currently widespread.

Technical ContextAI

Mender Client is an open-source IoT over-the-air (OTA) update agent maintained by Northern.tech. The affected component involves JWT (JSON Web Token) processing, where CWE-347 (Improper Verification of Cryptographic Signature) indicates the client does not correctly enforce cryptographic signature validation on received tokens. In JWT-based authentication flows, failure to verify the signature allows an attacker to forge or tamper with token claims without detection. The affected CPE is the Mender Client 5.x line prior to version 5.0.4. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the flaw is exploitable over the network without authentication or user interaction, though the limited impact scope (C:L/I:N/A:N) suggests the bypass results in unauthorized information disclosure rather than arbitrary update delivery or full authentication takeover.

Affected ProductsAI

Northern.tech Mender Client version 5.x prior to 5.0.4 is confirmed affected. The vulnerability applies to the 5.x major release line only; whether earlier major versions (e.g., 4.x, 3.x) are affected is not stated in the available data and should be confirmed with the vendor advisory at https://mender.io/blog/cve-2025-67903-signature-verification-bypass-in-mender-client and the Northern.tech site at https://northern.tech.

RemediationAI

Upgrade to Mender Client version 5.0.4 or later, which contains the vendor-released patch for this vulnerability. The fix is confirmed by the vendor advisory at https://mender.io/blog/cve-2025-67903-signature-verification-bypass-in-mender-client. If immediate upgrade is not feasible, consider restricting network access to Mender Client management interfaces using firewall rules or network segmentation to limit exposure to trusted hosts only - this reduces the effective attack surface given the AV:N vector, though it does not eliminate the underlying flaw. Additionally, review logs for unexpected API access or anomalous token usage patterns as a compensating detective control. No workaround is independently confirmed to fully substitute for patching.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2025-67903 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy