PT-2025-20928 · Unknown+1 · Openpubkey+1
Ethan Heilman · Published 2025-05-13 · Updated 2025-05-20 · CVE-2025-4658
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
OpenPubkey library versions prior to 0.10.0
OPKSSH versions prior to 0.5.0
Description:
The issue allows a specially crafted JWS to bypass signature verification. This affects OPKSSH as it depends on the OpenPubkey library for authentication, enabling an attacker to bypass OPKSSH authentication.
Recommendations:
For OpenPubkey library versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue.
For OPKSSH versions prior to 0.5.0, update to version 0.5.0 or later to resolve the issue.
Fix
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Opkssh
Openpubkey