PT-2025-11973 · Gnupg +3

Published 2025-03-19 · Updated 2025-07-30 · CVE-2025-30258

CVSS v3.1: 2.7
Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions:

GnuPG versions prior to 2.5.5

Description:

The issue arises when a user imports a certificate containing crafted subkey data that lacks a valid backsig or has incorrect usage flags. After the import, GnuPG loses the ability to verify signatures made by certain other signing keys. This can be considered a "verification DoS."

Recommendations:

Update GnuPG to version 2.5.5 or later to resolve the issue.

Fix

DoS

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2025-30258
MGASA-2025-0133
USN-7412-1
USN-7412-2

Affected Products

Debian
Gnupg
Linuxmint
Ubuntu