CGA-87rm-97px-mvmp

Published

Last updated

https://images.chainguard.dev/security/CGA-87rm-97px-mvmp

Package

openjdk-17-openj9

Repository

Chainguard

Latest Update

Under investigation

Aliases

CVE-2025-0509
GHSA-wc9m-r3v6-9p5h

Severity

Unknown

Summary

Sparkle Signing Checks Bypass

Description

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0509
https://github.com/advisories/GHSA-wc9m-r3v6-9p5h
https://github.com/sparkle-project/Sparkle/pull/2550
https://github.com/sparkle-project/Sparkle
https://security.netapp.com/advisory/ntap-20250124-0008
https://sparkle-project.org/documentation/security-and-reliability

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-87rm-97px-mvmp

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources