Medium severity 4.3 (NVD) · Advisory · Published Mar 15, 2025 · Updated Apr 15, 2026
CVE-2025-1057
Description
A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.
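The failure mode described above, as an added illustration that is not Keylime's code: a registrar that reads stored registration data with a strict str-only check breaks on a pre-7.12.0 row whose values are bytes, while a reader that normalizes bytes to str on the way in accepts both generations. The rows and field names below are constructed for the example.

```python
from typing import Any, Dict

# Fields the registrar hands back to the agent (names taken from the advisory's
# fix commit); the values here are constructed placeholders, not real TPM data.
TEXT_FIELDS = ["aik_tpm", "ek_tpm", "ip", "port", "regcount"]

# Constructed database rows: the legacy row stores values as bytes, the new one
# as str. Nothing but the type differs between them.
LEGACY_ROW: Dict[str, Any] = {
    "aik_tpm": b"AIK-PLACEHOLDER", "ek_tpm": b"EK-PLACEHOLDER",
    "ip": b"10.0.0.5", "port": b"9002", "regcount": b"1",
}
NEW_ROW: Dict[str, Any] = {k: v.decode("utf-8") for k, v in LEGACY_ROW.items()}


def strict_read(row: Dict[str, Any]) -> Dict[str, str]:
    """Accept only str, as a strict type check does; bytes raise TypeError."""
    out: Dict[str, str] = {}
    for field in TEXT_FIELDS:
        value = row[field]
        if not isinstance(value, str):
            raise TypeError(f"{field}: expected str, got {type(value).__name__}")
        out[field] = value
    return out


def compatible_read(row: Dict[str, Any]) -> Dict[str, str]:
    """Same check, but legacy bytes are decoded so old rows keep working."""
    out: Dict[str, str] = {}
    for field in TEXT_FIELDS:
        value = row[field]
        if isinstance(value, bytes):
            value = value.decode("utf-8")  # legacy entry: normalize on read
        elif not isinstance(value, str):
            raise TypeError(f"{field}: expected str, got {type(value).__name__}")
        out[field] = value
    return out


def fails_strict(row: Dict[str, Any]) -> bool:
    """True when the strict reader rejects the row (the reported exception)."""
    try:
        strict_read(row)
    except TypeError:
        return True
    return False
```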
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keylime (PyPI) | >= 7.12.0, < 7.12.1 | 7.12.1 |
Patches
e08b10d86c37 Simplify response check from registrar
1 file changed · +11 −18
keylime/registrar_client.py+11 −18 modified@@ -33,6 +33,16 @@ class RegistrarData(TypedDict): logger = keylime_logging.init_logging("registrar_client") api_version = keylime_api_version.current_version() +MANDATORY_FIELDS = ["aik_tpm", "regcount", "ek_tpm", "ip", "port"] + + +def check_mandatory_fields(results: Dict[str, Any]) -> bool: + for field in MANDATORY_FIELDS: + if field not in results: + logger.critical("Error: did not receive %s from Registrar Server.", field) + return False + return True + def getData( registrar_ip: str, registrar_port: str, agent_id: str, tls_context: Optional[ssl.SSLContext] @@ -71,24 +81,7 @@ def getData( logger.critical("Error: unexpected http response body from Registrar Server: %s", response.status_code) return None - if "aik_tpm" not in response_body["results"]: - logger.critical("Error: did not receive AIK from Registrar Server.") - return None - - if "regcount" not in response_body["results"]: - logger.critical("Error: did not receive regcount from Registrar Server.") - return None - - if "ek_tpm" not in response_body["results"]: - logger.critical("Error: did not receive EK from Registrar Server.") - return None - - if "ip" not in response_body["results"]: - logger.critical("Error: did not receive IP from Registrar Server.") - return None - - if "port" not in response_body["results"]: - logger.critical("Error: did not receive port from Registrar Server.") + if not check_mandatory_fields(response_body["results"]): return None r = response_body["results"]
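Review bot: the first hunk's check_mandatory_fields only tests key presence in results; it never looks at the type of the values, so it does not by itself address the bytes-versus-str mismatch the advisory describes for rows written by 7.11.0, and a decode or normalization step for legacy entries has to live elsewhere. Also confirm that Dict and Any are already imported in registrar_client.py, since the new signature uses them and the hunk adds no import.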
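Review bot: in the second hunk the consolidated call keeps the old behaviour (any missing field still logs at critical and returns None), but response_body["results"] is indexed for the check and then again for `r = response_body["results"]`; bind `r` first and pass it to check_mandatory_fields. Note also that the log text changes from human names (AIK, EK, IP) to raw keys (aik_tpm, ek_tpm, ip), which may break alerting rules that match on the old messages.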
References
- github.com/advisories/GHSA-9jxq-5x44-gx23 [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2025-1057 [ghsa, ADVISORY]
- access.redhat.com/security/cve/CVE-2025-1057 [nvd, WEB]
- bugzilla.redhat.com/show_bug.cgi [nvd, WEB]
- github.com/keylime/keylime/commit/e08b10d86c3717006774e787542c190e2ba24fc7 [ghsa, WEB]
- github.com/keylime/keylime/security/advisories/GHSA-9jxq-5x44-gx23 [ghsa, WEB]