PT-2026-28087 · Signify · Signify

Published

2026-03-25

Updated

2026-03-25

CVE-2025-70887

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Signify versions prior to 0.9.2

Description An issue exists in Signify that allows a remote attacker to escalate privileges. This is due to problems in the signed data.py and context.py components.

Recommendations Update to version 0.9.2 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2025-70887

GHSA-P4HH-MQ57-GQ8X

Affected Products

Signify

PT-2026-28087 · Signify · Signify

CVE-2025-70887

Weakness Enumeration

Related Identifiers

Affected Products

References · 8