CVE-2025-67903

Vulnerability

The Mender Client versions 5.0.0 through 5.0.3 contain a cryptographic signature verification bypass vulnerability. The bug allows an attacker to add additional files to a Mender Artifact without causing the signature or checksum verification to fail. The additional file is not listed in the update manifest, so it bypasses verification. Only custom update modules that install or run such files can be exploited; default update modules (single file, directory, rootfs) are not affected. [1]

Exploitation

An attacker must deliver a malformed artifact to the target device, either via Mender Client in standalone mode or through a custom update server, as the Mender Server rejects these artifacts. The attacker needs a custom update module that will write or execute the injected file. No authentication is required if the attacker can control the update delivery. [1]

Impact

Successful exploitation allows the attacker to inject a malicious file that, when installed or executed by the custom update module, can lead to full device compromise, including arbitrary code execution and potential device takeover. [1]

Mitigation

The vulnerability is fixed in Mender Client version 5.0.4. Users are advised to upgrade. Affected versions include 5.0.0 to 5.0.3, and likely earlier unsupported versions. No workarounds are provided. [1]