DEBIAN-CVE-2025-8454

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-8454

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-8454.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-8454

Upstream

CVE-2025-8454

Published

2025-08-01T06:15:29.493Z

Modified

2026-03-10T05:10:11.645198Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

References

https://security-tracker.debian.org/tracker/CVE-2025-8454

Affected packages

Debian:11 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.21.3

2.21.3+deb11u1~bpo10+1

2.21.3+deb11u1

2.21.4~bpo11+1

2.21.4

2.21.5

2.21.6~bpo11+1

2.21.6

2.21.7~bpo11+1

2.21.7

2.22.1~bpo11+1

2.22.1

2.22.2~bpo11+1

2.22.2

2.22.2+hurd.1

2.23.0

2.23.1

2.23.2

2.23.3

2.23.4

2.23.5~bpo11+1

2.23.5

2.23.6~bpo11+1

2.23.6

2.23.7~bpo11+1

2.23.7

2.24.1

2.24.2

2.24.3

2.24.4

2.24.5

2.24.6

2.24.7

2.24.8

2.24.9

2.24.10

2.25.1

2.25.2

2.25.3

2.25.4

2.25.5

2.25.6

2.25.7

2.25.8~bpo12+1

2.25.8

2.25.9

2.25.10~bpo12+1

2.25.10

2.25.11

2.25.12

2.25.13

2.25.14

2.25.15~bpo12+1

2.25.15

2.25.16

2.25.17

2.25.18

2.25.19~bpo13+1

2.25.19

2.25.20

2.25.21

2.25.22~bpo13+1

2.25.22

2.25.23

2.25.24

2.25.25

2.25.26

2.25.27

2.25.28

2.25.29

2.25.30

2.25.31

2.25.32

2.25.33

2.26.1

2.26.2

2.26.3

2.26.4

2.26.5

2.26.6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-8454.json"

Debian:12 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.23.4

2.23.4+deb12u1

2.23.4+deb12u2

2.23.5~bpo11+1

2.23.5

2.23.6~bpo11+1

2.23.6

2.23.7~bpo11+1

2.23.7

2.24.1

2.24.2

2.24.3

2.24.4

2.24.5

2.24.6

2.24.7

2.24.8

2.24.9

2.24.10

2.25.1

2.25.2

2.25.3

2.25.4

2.25.5

2.25.6

2.25.7

2.25.8~bpo12+1

2.25.8

2.25.9

2.25.10~bpo12+1

2.25.10

2.25.11

2.25.12

2.25.13

2.25.14

2.25.15~bpo12+1

2.25.15

2.25.16

2.25.17

2.25.18

2.25.19~bpo13+1

2.25.19

2.25.20

2.25.21

2.25.22~bpo13+1

2.25.22

2.25.23

2.25.24

2.25.25

2.25.26

2.25.27

2.25.28

2.25.29

2.25.30

2.25.31

2.25.32

2.25.33

2.26.1

2.26.2

2.26.3

2.26.4

2.26.5

2.26.6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-8454.json"

Debian:13 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.15

2.25.15+deb13u1

2.25.16

2.25.17

2.25.18

2.25.19~bpo13+1

2.25.19

2.25.20

2.25.21

2.25.22~bpo13+1

2.25.22

2.25.23

2.25.24

2.25.25

2.25.26

2.25.27

2.25.28

2.25.29

2.25.30

2.25.31

2.25.32

2.25.33

2.26.1

2.26.2

2.26.3

2.26.4

2.26.5

2.26.6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-8454.json"

Debian:14 / devscripts

Package

Name: devscripts
Purl: pkg:deb/debian/devscripts?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.15

2.25.16

2.25.17

2.25.18

2.25.19~bpo13+1

2.25.19

2.25.20

2.25.21

2.25.22~bpo13+1

2.25.22

2.25.23

2.25.24

2.25.25

2.25.26

2.25.27

2.25.28

2.25.29

2.25.30

2.25.31

2.25.32

2.25.33

2.26.1

2.26.2

2.26.3

2.26.4

2.26.5

2.26.6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-8454.json"