DevGuard Logo

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Open
LOW (1.6)
  • T

    Tim Bastin detected CVE-2025-30258 with a risk of 1.25

    0.9.0
  • logo

    System updated the risk assessment from 1.25 to 0.62

    0.9.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 0.62 to 1.25

    0.9.0

    System recalculated raw risk assessment

  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • T

    Tim Bastin detected CVE-2025-30258 with a risk of 1.25

    add-first-party-scan-to-gitlap-pipeline
  • T

    Tim Bastin detected CVE-2025-30258 with a risk of 1.25

    add-jobs-tags
  • T

    Tim Bastin detected CVE-2025-30258 with a risk of 1.25

    0.11.1
  • T

    Tim Bastin detected CVE-2025-30258 with a risk of 1.25

    feautre/sarif-sbom-upload-components
  • logo

    System

    chore/adds-additional-env-flags
  • T

    Tim Bastin

    attest
  • logo

    System

    revert-c7057e5e
  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    add-first-party-scan-to-gitlap-pipeline

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    0.9.0

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    fix-attest.yaml

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    add-jobs-tags

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    feautre/sarif-sbom-upload-components

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    chore/adds-additional-env-flags

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    examples

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    revert-c7057e5e

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    attest

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.25 to 1.65

    0.11.1

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • logo

    System fixed CVE-2025-30258

    attest
  • logo

    System fixed CVE-2025-30258

    0.11.1
  • logo

    System fixed CVE-2025-30258

    examples
  • logo

    System fixed CVE-2025-30258

    0.9.0
  • logo

    System fixed CVE-2025-30258

    chore/adds-additional-env-flags
  • logo

    System fixed CVE-2025-30258

    revert-c7057e5e
  • logo

    System fixed CVE-2025-30258

    add-jobs-tags
  • logo

    System fixed CVE-2025-30258

    fix-attest.yaml
  • logo

    System fixed CVE-2025-30258

    feautre/sarif-sbom-upload-components
  • logo

    System fixed CVE-2025-30258

    add-first-party-scan-to-gitlap-pipeline
  • logo

    System detected CVE-2025-30258 with a risk of 1.65

    attest

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/gnupg2

Installed version:
2.2.40
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5