CVE-2025-3757

Publication date 13 May 2025

Last updated 3 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Status

Package Ubuntu Release Status
golang-github-openpubkey-openpubkey 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
25.04 plucky Not in release
24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Other references

Access our resources on patching vulnerabilities