VYPR
Medium severity5.2OSV Advisory· Published Jan 29, 2025· Updated Apr 15, 2026

CVE-2025-24882

CVE-2025-24882

Description

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/regclient/regclientGo
< 0.7.10.7.1

Affected products

13

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.