Medium severity5.2OSV Advisory· Published Jan 29, 2025· Updated Apr 15, 2026
CVE-2025-24882
CVE-2025-24882
Description
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/regclient/regclientGo | < 0.7.1 | 0.7.1 |
Affected products
13- osv-coords12 versionspkg:apk/chainguard/gpu-operatorpkg:apk/chainguard/guacpkg:apk/chainguard/guaccsubpkg:apk/chainguard/guacgqlpkg:apk/chainguard/guacingestpkg:apk/chainguard/guaconepkg:apk/wolfi/guacpkg:apk/wolfi/guaccsubpkg:apk/wolfi/guacgqlpkg:apk/wolfi/guacingestpkg:apk/wolfi/guaconepkg:golang/github.com/regclient/regclient
< 24.6.0-r1+ 11 more
- (no CPE)range: < 24.6.0-r1
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.8.0-r2
- (no CPE)range: < 0.7.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.