PYSEC-2025-77

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/keylime/PYSEC-2025-77.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-77

Aliases

CVE-2025-13609
GHSA-xh5w-g8gq-r3v9

Published

2025-11-24T18:15:49.830Z

Modified

2026-05-19T05:26:06.266252372Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

References

Affected packages

PyPI / keylime

Package

Name: keylime; View open source insights on deps.dev
Purl: pkg:pypi/keylime

Affected ranges

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/keylime/PYSEC-2025-77.yaml"