Skip to main content

Suse CVE-2025-70887

| EUVDEUVD-2025-209004 HIGH
Improper Privilege Management (CWE-269)
2026-03-25 mitre GHSA-p4hh-mq57-gq8x
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 19:02 euvd
EUVD-2025-209004
Analysis Generated
Mar 25, 2026 - 19:02 vuln.today
CVE Published
Mar 25, 2026 - 00:00 nvd
HIGH 8.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 pypi packages depend on signify (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.9.2.

DescriptionCVE.org

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

AnalysisAI

A privilege escalation vulnerability exists in ralphje Signify versions prior to 0.9.2, affecting the signed_data.py and context.py components. Remote attackers can exploit this flaw to escalate privileges within the application's cryptographic signature verification context. While CVSS and EPSS scores are not currently available, the vulnerability has been patched in version 0.9.2 and related issues have been addressed in the upstream osslsigncode project.

Technical ContextAI

Signify is a Python library for verifying cryptographic signatures on executable files and security catalogs. The vulnerability resides in the signed_data.py and context.py modules, which handle the parsing and validation of signed code objects. The root cause appears to involve improper privilege boundary enforcement during signature context processing, allowing an attacker to manipulate the signature verification logic. The affected component processes Microsoft Authenticode signatures and security catalog data, making this particularly relevant for Windows executable verification workflows. The related osslsigncode project (a C-based implementation) has similar issues tracked in their GitHub repository, suggesting a shared conceptual vulnerability across multiple signature verification implementations.

RemediationAI

Upgrade ralphje Signify to version 0.9.2 or later immediately. The patch is available in the official GitHub repository at https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8. If using osslsigncode integration, ensure osslsigncode is updated to version 2.11 or later (https://github.com/mtrojnar/osslsigncode/releases/tag/2.11). Until patching is feasible, restrict Signify usage to trusted, air-gapped environments and avoid processing signatures from untrusted sources. Conduct a security audit of any code paths that handle signature verification or context manipulation to identify potential privilege escalation chains in dependent applications.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2025-70887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy