CVE-2025-30258

ADVISORY - nist

Summary

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

EPSS Score⁠: 0.00012 (0.012)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-754⁠

Improper Check for Unusual or Exceptional Conditions

ADVISORY - redhat

CWE-754⁠

Improper Check for Unusual or Exceptional Conditions

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.