Regclient · Regclient · CVE-2025-24882
**Name of the Vulnerable Software and Affected Versions**
regclient versions prior to 0.7.1
**Description**
A malicious registry could return a different digest for a pinned manifest without detection. This issue affects regclient, a Docker and OCI registry client written in Go.
**Recommendations**
For versions prior to 0.7.1, update to version 0.7.1 to resolve the issue.
As a temporary workaround, after calling `regclient.ManifestGet`, compare the returned digest to the requested digest to detect any discrepancies.
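The comparison described in the workaround, as an added example (not regclient's own code and not part of the original advisory). It goes one step beyond the workaround by also hashing the manifest bytes that were received. It assumes the caller passes in the pinned reference string, the digest the client reported for the returned manifest, and the raw manifest bytes; `VerifyPinned`, `computeDigest`, `ErrDigestMismatch` and `registry.example` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ErrDigestMismatch: the registry answered a pinned request with other content.
var ErrDigestMismatch = errors.New("manifest does not match pinned digest")

// computeDigest hashes the raw manifest bytes with the algorithm named in want.
func computeDigest(want string, body []byte) (string, error) {
	switch algo, _, _ := strings.Cut(want, ":"); algo {
	case "sha256":
		sum := sha256.Sum256(body)
		return "sha256:" + hex.EncodeToString(sum[:]), nil
	case "sha512":
		sum := sha512.Sum512(body)
		return "sha512:" + hex.EncodeToString(sum[:]), nil
	}
	return "", fmt.Errorf("unsupported digest algorithm in %q", want)
}

// VerifyPinned checks the pin in reference ("repo@algo:hex") against the digest
// the client reported (assumed input) and against a hash of the received bytes.
func VerifyPinned(reference, reported string, body []byte) error {
	_, want, pinned := strings.Cut(reference, "@")
	if !pinned {
		return nil // tag-only reference: no digest was requested
	}
	computed, err := computeDigest(want, body)
	if err != nil {
		return err
	}
	if reported != want || computed != want {
		return fmt.Errorf("%w: pinned %s, reported %s, computed %s", ErrDigestMismatch, want, reported, computed)
	}
	return nil
}

func main() {
	body := []byte(`{"schemaVersion":2}`) // constructed sample manifest bytes
	good, _ := computeDigest("sha256:", body)
	fmt.Println(VerifyPinned("registry.example/app@"+good, good, body))         // <nil>
	fmt.Println(VerifyPinned("registry.example/app@"+good, good, []byte("{}"))) // mismatch error
}
```

Treat `ErrDigestMismatch` as a hard failure for the pull rather than a warning, since the content received is not what was pinned.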