PT-2025-11973 · Gnupg+5

Dkg · Published 2025-02-10 · Updated 2026-03-27 · CVE-2025-30258

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GnuPG versions prior to 2.5.5

Description

The issue arises when a user imports a certificate containing crafted subkey data that lacks a valid backsig or carries incorrect usage flags. After the import, GnuPG loses the ability to verify signatures made by certain other signing keys. This can be considered a "verification DoS."

Recommendations

For GnuPG versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue.

Exploit

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

AZL-58932
AZL-58935
BDU:2025-11080
CVE-2025-30258
ECHO-480F-5130-76D3
MGASA-2025-0133
OESA-2025-1375
OESA-2025-1376
OESA-2025-1521
OESA-2025-1522
OESA-2025-1523
OPENSUSE-SU-2025:15076-1
SUSE-RU-2025:20460-1
SUSE-SU-2025:02259-1
SUSE-SU-2025:20209-1
SUSE-SU-2025:20444-1
SUSE-SU-2025:20454-1
SUSE-SU-2025:20458-1
SUSE-SU-2025:20465-1
SUSE-SU-2025:20472-1
SUSE-SU-2025:3986-1
SUSE-SU-2025_02259-1
USN-7412-1
USN-7412-2
USN-7412-3

Affected Products

Debian
GnuPG
Linux Mint
RED OS
SUSE
Ubuntu