CVE-2025-70888

EUVD-2025-209012 | CRITICAL
2026-03-25 | mitre | GHSA-m387-6h4v-93hp
CVSS 3.1 base score: 9.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Apr 09, 2026 08:30 (nvd), patch available
EUVD ID Assigned: Mar 25, 2026 19:32 (euvd), EUVD-2025-209012
Analysis Generated: Mar 25, 2026 19:32 (vuln.today)
CVE Published: Mar 25, 2026 00:00 (nvd)

Description

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component

Analysis

A privilege escalation issue is reported in osslsigncode (mtrojnar) versions 2.10 and earlier, located in the osslsigncode.c component. The CVSS 3.1 vector recorded on this page (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8) rates it as network-reachable with no privileges or user interaction required and high impact on confidentiality, integrity and availability. That rating sits uneasily with the description: osslsigncode is a command-line signing tool rather than a network service, so the "remote attacker" and "privilege escalation" wording is only loosely descriptive of a realistic attack path. The referenced GitHub issue and pull request are the authoritative account of the defect and should be consulted before treating the score as representative of the actual exposure; they also indicate the issue has been fixed upstream.

Technical Context

osslsigncode is a command-line utility that creates and verifies Microsoft Authenticode signatures on PE, MSI, CAB and similar files using OpenSSL, and is commonly used to sign Windows artifacts from Linux and macOS build and release pipelines in both open-source and commercial software supply chains. The affected component, osslsigncode.c, carries the tool's core signing and verification logic. No CWE has been assigned. Given the nature of the tool, the "privilege escalation" wording most plausibly points to improper handling of attacker-supplied input (files to be signed or verified, certificates, or signature data) during processing, but this is inference from the description rather than a published root cause. The CPE listed (cpe:2.3:a:n/a:n/a:*:*:*:*:*:*:*:*) is a placeholder and identifies no product; the vendor, per the GitHub repository, is mtrojnar.

Affected Products

osslsigncode (mtrojnar) versions 2.10 and earlier are affected. The issue is tracked in the upstream repository at https://github.com/mtrojnar/osslsigncode/issues/475 and fixed in PR #477. A related report was filed against ralphje/signify (https://github.com/ralphje/signify/issues/60), an independent Python Authenticode implementation; the pairing suggests the underlying problem is not unique to osslsigncode's code, so other Authenticode tooling in the same pipeline deserves the same scrutiny. The CPE provided is generic (cpe:2.3:a:n/a:n/a:*:*:*:*:*:*:*:*); the authoritative product is osslsigncode by mtrojnar.

Remediation

Upgrade osslsigncode to version 2.11 or later; the fix is in the upstream repository (https://github.com/mtrojnar/osslsigncode/pull/477). Build pipelines that carry their own copy (container images, pinned tarballs, distribution packages) should confirm the installed release with "osslsigncode --version" rather than trusting a package name, and should re-run a sign-then-verify round trip on a known artifact after the upgrade (for example "osslsigncode verify -in <signed file> -CAfile <trust anchor>") to confirm the workflow still produces signatures that validate. Until the upgrade is possible, run osslsigncode only in isolated build environments, under a dedicated unprivileged service account with no system-level privileges, with file system and network access reduced to what signing requires, and treat every input it processes (files to be signed or verified, certificates, timestamp responses) as untrusted.
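A version gate for build pipelines, added here as an example and not taken from the advisory or from the osslsigncode project. It parses the first line of the "osslsigncode --version" banner, which this example assumes reads like "osslsigncode 2.10, using:" (the sample banners below are constructed), and fails closed when the version is below 2.11 or cannot be parsed. The comparison is component-wise numeric rather than lexical, so 2.9 is correctly treated as older than 2.11 even though it sorts after it as a string.

```shell
#!/bin/sh
# Added example: gate a build step on the installed osslsigncode version.
# Not part of the advisory or the osslsigncode project. Assumes the first line of
# `osslsigncode --version` reads like "osslsigncode 2.10, using:" (constructed samples below).

FIXED_VERSION="2.11"   # first release carrying the fix referenced by this advisory

# Constructed sample banners used for the stand-alone demonstration.
SAMPLE_OLD="osslsigncode 2.10, using:"
SAMPLE_FIXED="osslsigncode 2.11, using:"
SAMPLE_LEXICAL_TRAP="osslsigncode 2.9, using:"   # sorts after 2.11 as a string, but is older

# Print the first dotted numeric token of a banner ("2.10" from "osslsigncode 2.10, using:").
extract_version() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[0-9]+\.[0-9]+/) {
                sub(/[^0-9.].*$/, "", $i)   # strip trailing punctuation such as ","
                print $i
                exit
            }
        }
    }'
}

# Return 0 when dotted version $1 >= $2, comparing components numerically left to right;
# a missing component counts as 0, so 2.11 equals 2.11.0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        : "${ai:=0}" "${bi:=0}"
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# Classify a banner: prints fixed / vulnerable / unparseable and returns 0 / 1 / 2.
# An unparseable banner is a failure, not a pass, so a broken or renamed binary cannot slip through.
check_banner() {
    v="$(extract_version "$1")"
    if [ -z "$v" ]; then
        echo "unparseable"; return 2
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "fixed"; return 0
    else
        echo "vulnerable"; return 1
    fi
}

# CI entry point: inspect the binary on PATH. Returns 2 when it is absent.
check_installed() {
    if ! command -v osslsigncode >/dev/null 2>&1; then
        echo "osslsigncode not found on PATH" >&2; return 2
    fi
    check_banner "$(osslsigncode --version 2>&1 | head -n 1)"
}

# Stand-alone demonstration on the constructed banners; in a pipeline call check_installed instead.
for banner in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_LEXICAL_TRAP"; do
    printf '%-32s -> %s\n' "$banner" "$(check_banner "$banner" || true)"
done
```

In a pipeline, call check_installed as a step before signing and let its non-zero status fail the job; the distinct return code for "unparseable" makes it easy to alert on a build image whose osslsigncode binary has changed shape rather than silently skipping the check.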

Priority Score

49 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +49
POC: 0

Vendor Status
