Medium severity4.3GHSA Advisory· Published Mar 15, 2025· Updated Apr 15, 2026
CVE-2025-1057
CVE-2025-1057
Description
A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keylimePyPI | >= 7.12.0, < 7.12.1 | 7.12.1 |
Affected products
6- ghsa-coords5 versionspkg:pypi/keylimepkg:rpm/opensuse/keylime&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/keylime&distro=openSUSE%20Tumbleweedpkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
>= 7.12.0, < 7.12.1+ 4 more
- (no CPE)range: >= 7.12.0, < 7.12.1
- (no CPE)range: < 7.13.0+40-160000.1.1
- (no CPE)range: < 7.12.1-1.1
- (no CPE)range: < 7.13.0+40-160000.1.1
- (no CPE)range: < 7.13.0+40-160000.1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-9jxq-5x44-gx23ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-1057ghsaADVISORY
- access.redhat.com/security/cve/CVE-2025-1057nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/keylime/keylime/commit/e08b10d86c3717006774e787542c190e2ba24fc7ghsaWEB
- github.com/keylime/keylime/security/advisories/GHSA-9jxq-5x44-gx23ghsaWEB
News mentions
0No linked articles in our index yet.