Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Blast Radius
ecosystem impact- 2 pypi packages depend on signify (2 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.9.2.
DescriptionCVE.org
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
AnalysisAI
A privilege escalation vulnerability exists in ralphje Signify versions prior to 0.9.2, affecting the signed_data.py and context.py components. Remote attackers can exploit this flaw to escalate privileges within the application's cryptographic signature verification context. While CVSS and EPSS scores are not currently available, the vulnerability has been patched in version 0.9.2 and related issues have been addressed in the upstream osslsigncode project.
Technical ContextAI
Signify is a Python library for verifying cryptographic signatures on executable files and security catalogs. The vulnerability resides in the signed_data.py and context.py modules, which handle the parsing and validation of signed code objects. The root cause appears to involve improper privilege boundary enforcement during signature context processing, allowing an attacker to manipulate the signature verification logic. The affected component processes Microsoft Authenticode signatures and security catalog data, making this particularly relevant for Windows executable verification workflows. The related osslsigncode project (a C-based implementation) has similar issues tracked in their GitHub repository, suggesting a shared conceptual vulnerability across multiple signature verification implementations.
RemediationAI
Upgrade ralphje Signify to version 0.9.2 or later immediately. The patch is available in the official GitHub repository at https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8. If using osslsigncode integration, ensure osslsigncode is updated to version 2.11 or later (https://github.com/mtrojnar/osslsigncode/releases/tag/2.11). Until patching is feasible, restrict Signify usage to trusted, air-gapped environments and avoid processing signatures from untrusted sources. Conduct a security audit of any code paths that handle signature verification or context manipulation to identify potential privilege escalation chains in dependent applications.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209004
GHSA-p4hh-mq57-gq8x