CVE-2025-0509

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-0509

Severity

6.8

Medium

CVSS CVSS_V3

Description

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.

References

https://images.chainguard.dev/security/CGA-w978-cmwq-47mr
https://github.com/advisories/GHSA-wc9m-r3v6-9p5h
https://images.chainguard.dev/security/CGA-87rm-97px-mvmp
https://images.chainguard.dev/security/CGA-8r3w-6j7v-f9gg
https://images.chainguard.dev/security/CGA-48m2-rm5c-6jxc
https://images.chainguard.dev/security/CGA-w26c-4234-m5h9
https://security.netapp.com/advisory/ntap-20250124-0008/
https://github.com/sparkle-project/Sparkle/pull/2550
https://sparkle-project.org/documentation/security-and-reliability/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2025-0509

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources