- Description
- In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 2.7
- Impact score
- 1.4
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
- Severity
- LOW
- cve@mitre.org
- CWE-754
- Hype score
- Not currently trending
New builds of GnuPG 2.2.45 LTS (final free 2.2.x LTS version) patched for CVE-2025-30258 (as well as updated libassuan 2.5.6 & libksba 1.6.7) now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/gpg (https://t.co/DIN5q8BXdV) for 16.04, 18.04, 20.04, and 22.04 L
@RobSavoury
7 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30258 03/19/2025 08:15:20 PM BaseSeverity: LOW In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to ver... https://t.co/z8t2boS5dd
@CVETracker
20 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the us… https://t.co/oeVdVK0uZF
@CVEnew
19 Mar 2025
399 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes