Critical severity9.8NVD Advisory· Published Aug 1, 2025· Updated Jun 17, 2026
CVE-2025-8454
CVE-2025-8454
Description
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- bugs.debian.org/1109251nvdIssue TrackingMailing List
News mentions
0No linked articles in our index yet.