High severityOSV Advisory· Published Oct 9, 2025· Updated Apr 15, 2026
CVE-2025-61779
CVE-2025-61779
Description
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v0.10.0, v0.10.1, v0.11.0, …+ 1 more
- (no CPE)range: v0.10.0, v0.10.1, v0.11.0, …
- (no CPE)range: <0.15.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.