Critical severity9.8NVD Advisory· Published Mar 25, 2026· Updated Apr 2, 2026
CVE-2025-70888
CVE-2025-70888
Description
An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:osslsigncode_project:osslsigncode:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:osslsigncode_project:osslsigncode:*:*:*:*:*:*:*:*range: <=2.10
- (no CPE)range: <=2.10
- osv-coords2 versionspkg:rpm/opensuse/osslsigncode&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/osslsigncode&distro=openSUSE%20Tumbleweed
< 2.13-bp160.1.1+ 1 more
- (no CPE)range: < 2.13-bp160.1.1
- (no CPE)range: < 2.13-1.1
Patches
Vulnerability mechanics
References
3- github.com/mtrojnar/osslsigncode/issues/475nvdIssue TrackingThird Party Advisory
- github.com/ralphje/signify/issues/60nvdIssue TrackingThird Party Advisory
- github.com/mtrojnar/osslsigncode/pull/477nvdIssue Tracking
News mentions
0No linked articles in our index yet.