CVE-2025-24882

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-24882

Severity

5.2

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

regclient may ignore pinned manifest digests

Description

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24882
https://github.com/advisories/GHSA-qv35-3gw6-8q4j
https://pkg.go.dev/vuln/GO-2024-3038
https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24882.json
https://github.com/regclient/regclient/commit/7d17cff26c22196b5ddd66bda8c5ee4abf3d1269
https://github.com/regclient/regclient/security/advisories/GHSA-qv35-3gw6-8q4j

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-24882

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company