CVE-2025-30258
ADVISORY - ubuntuSummary
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
EPSS Score: 0.0001 (0.008)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Check for Unusual or Exceptional Conditions
ADVISORY - redhat
Improper Check for Unusual or Exceptional Conditions
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2025-30258
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Amedium| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| ubuntu/gnupg2 | deb | ubuntu | 22.04 | <2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.3 |
| ubuntu/gnupg2 | deb | ubuntu | 24.04 | <2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.2 |
| ubuntu/gnupg2 | deb | ubuntu | 20.04 | <2.2.19-3ubuntu2.4 | 2.2.19-3ubuntu2.4 |
| ubuntu/gnupg2 | deb | ubuntu | 25.04 | <2.4.4-2ubuntu23 | 2.4.4-2ubuntu23 |
| ubuntu/gnupg2 | deb | ubuntu | 24.10 | <2.4.4-2ubuntu18.2 | 2.4.4-2ubuntu18.2 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-30258
EXPLOITABILITY SCORE
1
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
2.7lowDebian
CREATED
UPDATED
ADVISORY IDCVE-2025-30258
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
CREATED
UPDATED
ADVISORY IDCVE-2025-30258
EXPLOITABILITY SCORE
1.0
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)