{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70888", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T19:03:38.130Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T19:03:38.130Z"}, "descriptions": [{"lang": "en", "value": "An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ralphje/signify/issues/60"}, {"url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"url": "https://github.com/mtrojnar/osslsigncode/pull/477"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component"}], "id": "CVE-2025-70888", "lastModified": "2026-03-26T15:13:15.790", "metrics": {}, "published": "2026-03-25T20:16:22.463", "references": [{"source": "cve@mitre.org", "url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"source": "cve@mitre.org", "url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"source": "cve@mitre.org", "url": "https://github.com/ralphje/signify/issues/60"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "osslsigncode: Osslsigncode: Remote privilege escalation", "id": "2451443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451443"}, "csaw": false, "cvss3": {"cvss3_base_score": "10.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-266", "details": ["A flaw was found in osslsigncode. A remote attacker can exploit an issue within the osslsigncode.c component to escalate privileges. This vulnerability allows an attacker to gain elevated access, potentially leading to unauthorized control over the affected system."], "name": "CVE-2025-70888", "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-70888\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-70888\nhttps://github.com/mtrojnar/osslsigncode/issues/475\nhttps://github.com/mtrojnar/osslsigncode/pull/477\nhttps://github.com/ralphje/signify/issues/60"], "statement": "This Critical flaw in osslsigncode allows a remote attacker to escalate privileges. However, Red Hat products are unaffected because they do not ship the package. Additionally, the vulnerable code is not present in the osslsigncode packages shipped with Fedora.", "threat_severity": "Critical"}