CVE-2025-52556

Name of the Vulnerable Software and Affected Versions: rfc3161-client versions prior to 1.0.3

Description: The issue is related to a flaw in the timestamp response signature verification logic. Specifically, the chain verification is performed against the TSR's embedded certificates up to the trusted root(s), but it fails to verify the TSR's own signature against the timestamping leaf certificates. This allows an attacker to introduce any TSR signature as long as the embedded leaf chains up to some root TSA, resulting in insufficient signature validation.

Recommendations: For versions prior to 1.0.3, update to version 1.0.3 to resolve the issue. As a temporary workaround, consider restricting the use of the timestamp response signature verification logic until a patch is available.