CVE-2025-2885

MEDIUM Year: 2025
Weakness Type
CWE-1288
View all →

Vulnerability Description

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

Related Vulnerabilities

CVE-2024-25951

HIGH
CVSS:8.0(High)

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

CWE-12882024

CVE-2021-41531

HIGH
CVSS:7.5(High)

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the...

CWE-12882021

CVE-2024-39515

HIGH
CVSS:7.5(High)

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker...

CWE-12882024

CVE-2024-31136

HIGH
CVSS:7.4(High)

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

CWE-12882024

CVE-2024-12093

MEDIUM
CVSS:6.8(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to b...

CWE-12882024

CVE-2024-8305

MEDIUM
CVSS:6.5(Medium)

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primar...

CWE-12882024