cvelistv5 - cve-2025-13353

CVE-2025-13353 (GCVE-0-2025-13353)

Vulnerability from cvelistv5 – Published: 2025-12-02 11:03 – Updated: 2025-12-02 16:54

Summary

In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets. Impact This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes: * keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes was used * a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password Patches The code logic bug has been fixed in gokey version 0.2.0 and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now. System secret rotation guidance It is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0 and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below. Systems that do not require the old password/secret for rotation Such systems usually have a "Forgot password" facility or a similar facility allowing users to rotate their password/secrets by sending a unique "magic" link to the user's email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system. Systems that require the old password/secret for rotation Such systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to: * temporarily download gokey version 0.1.3 https://github.com/cloudflare/gokey/releases/tag/v0.1.3 for their respective operating system to recover the old password * use gokey version 0.2.0 or above to generate the new password * populate the system provided password rotation form Systems that allow multiple credentials for the same account to be provisioned Such systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to: * generate a new secret/key/credential using gokey version 0.2.0 or above * provision the new secret/key/credential in addition to the existing credential on the system * verify that the access or required system operation is still possible with the new secret/key/credential * revoke authorization for the existing/old credential from the system Credit This vulnerability was found by Théo Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare's bug bounty program.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

CWE

CWE-330 - Use of Insufficiently Random Values

Assigner

cloudflare

References

URL

Tags

https://github.com/cloudflare/gokey/security/advi…

Impacted products

	Vendor	Product	Version
	Cloudflare	gokey	Affected: 0.1.0 , < 0.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T16:50:27.674442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T16:54:23.544Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/cloudflare/gokey",
          "product": "gokey",
          "repo": "https://github.com/cloudflare/gokey",
          "vendor": "Cloudflare",
          "versions": [
            {
              "lessThan": "0.2.0",
              "status": "affected",
              "version": "0.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\n  \u003cdiv\u003e\n    \u003cp\u003eIn gokey versions \u003ccode\u003e\u0026lt;0.2.0\u003c/code\u003e,\n a flaw in the seed decryption logic resulted in passwords incorrectly \nbeing derived solely from the initial vector and the AES-GCM \nauthentication tag of the key seed.\u003c/p\u003e\n\u003cp\u003eThis issue has been fixed in gokey version \u003ccode\u003e0.2.0\u003c/code\u003e. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the \u003ccode\u003e-s\u003c/code\u003e option). Even if the input seed file stays the same, version \u003ccode\u003e0.2.0\u003c/code\u003e gokey will generate different secrets.\u003c/p\u003e\n\u003ch3\u003eImpact\u003c/h3\u003e\n\u003cp\u003eThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the \u003ccode\u003e-s\u003c/code\u003e option). Keys/secrets generated just from the master password (without the \u003ccode\u003e-s\u003c/code\u003e\n option) are not impacted. The confidentiality of the seed itself is \nalso not impacted (it is not required to regenerate the seed itself). \nSpecific impact includes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ekeys/secrets generated from a seed file may have lower entropy: it \nwas expected that the whole seed would be used to generate keys (240 \nbytes of entropy input), where in vulnerable versions only 28 bytes was \nused\u003c/li\u003e\n\u003cli\u003ea malicious entity could have recovered all passwords, generated \nfrom a particular seed, having only the seed file in possession without \nthe knowledge of the seed master password\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cp\u003eThe code logic bug has been fixed in gokey version \u003ccode\u003e0.2.0\u003c/code\u003e\n and above. Due to the deterministic nature of gokey, fixed versions \nwill produce different passwords/secrets using seed files, as all seed \nentropy will be used now.\u003c/p\u003e\n\u003ch3\u003eSystem secret rotation guidance\u003c/h3\u003e\n\u003cp\u003eIt is advised for users to regenerate passwords/secrets using the patched version of gokey (\u003ccode\u003e0.2.0\u003c/code\u003e\n and above), and provision/rotate these secrets into respective systems \nin place of the old secret. A specific rotation procedure is \nsystem-dependent, but most common patterns are described below.\u003c/p\u003e\n\u003ch4\u003eSystems that do not require the old password/secret for rotation\u003c/h4\u003e\n\u003cp\u003eSuch systems usually have a \"Forgot password\" facility or a\n similar facility allowing users to rotate their password/secrets by \nsending a unique \"magic\" link to the user\u0027s email or phone. In such \ncases users are advised to use this facility and input the newly \ngenerated password secret, when prompted by the system.\u003c/p\u003e\n\u003ch4\u003eSystems that require the old password/secret for rotation\u003c/h4\u003e\n\u003cp\u003eSuch systems usually have a modal password rotation window\n usually in the user settings section requiring the user to input the \nold and the new password sometimes with a confirmation. To \ngenerate/recover the old password in such cases users are advised to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003etemporarily download \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/gokey/releases/tag/v0.1.3\"\u003egokey version \u003ccode\u003e0.1.3\u003c/code\u003e\u003c/a\u003e for their respective operating system to recover the old password\u003c/li\u003e\n\u003cli\u003euse gokey version \u003ccode\u003e0.2.0\u003c/code\u003e or above to generate the new password\u003c/li\u003e\n\u003cli\u003epopulate the system provided password rotation form\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eSystems that allow multiple credentials for the same account to be provisioned\u003c/h4\u003e\n\u003cp\u003eSuch systems usually require a secret or a cryptographic \nkey as a credential for access, but allow several credentials at the \nsame time. One example is SSH: a particular user may have several \nauthorized public keys configured on the SSH server for access. For such\n systems users are advised to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003egenerate a new secret/key/credential using gokey version \u003ccode\u003e0.2.0\u003c/code\u003e or above\u003c/li\u003e\n\u003cli\u003eprovision the new secret/key/credential in addition to the existing credential on the system\u003c/li\u003e\n\u003cli\u003everify that the access or required system operation is still possible with the new secret/key/credential\u003c/li\u003e\n\u003cli\u003erevoke authorization for the existing/old credential from the system\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredit\u003c/h3\u003e\n\u003cp\u003eThis vulnerability was found by Th\u00e9o Cusnir (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hackerone.com/mister_mime?type=user\"\u003e@mister_mime\u003c/a\u003e) and responsibly disclosed through Cloudflare\u0027s bug bounty program.\u003c/p\u003e\n  \u003c/div\u003e\n\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "In gokey versions \u003c0.2.0,\n a flaw in the seed decryption logic resulted in passwords incorrectly \nbeing derived solely from the initial vector and the AES-GCM \nauthentication tag of the key seed.\n\n\nThis issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.\n\n\nImpact\nThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s\n option) are not impacted. The confidentiality of the seed itself is \nalso not impacted (it is not required to regenerate the seed itself). \nSpecific impact includes:\n\n\n\n  *  keys/secrets generated from a seed file may have lower entropy: it \nwas expected that the whole seed would be used to generate keys (240 \nbytes of entropy input), where in vulnerable versions only 28 bytes was \nused\n\n  *  a malicious entity could have recovered all passwords, generated \nfrom a particular seed, having only the seed file in possession without \nthe knowledge of the seed master password\n\n\n\n\nPatches\nThe code logic bug has been fixed in gokey version 0.2.0\n and above. Due to the deterministic nature of gokey, fixed versions \nwill produce different passwords/secrets using seed files, as all seed \nentropy will be used now.\n\n\nSystem secret rotation guidance\nIt is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0\n and above), and provision/rotate these secrets into respective systems \nin place of the old secret. A specific rotation procedure is \nsystem-dependent, but most common patterns are described below.\n\n\nSystems that do not require the old password/secret for rotation\nSuch systems usually have a \"Forgot password\" facility or a\n similar facility allowing users to rotate their password/secrets by \nsending a unique \"magic\" link to the user\u0027s email or phone. In such \ncases users are advised to use this facility and input the newly \ngenerated password secret, when prompted by the system.\n\n\nSystems that require the old password/secret for rotation\nSuch systems usually have a modal password rotation window\n usually in the user settings section requiring the user to input the \nold and the new password sometimes with a confirmation. To \ngenerate/recover the old password in such cases users are advised to:\n\n\n\n  *  temporarily download  gokey version 0.1.3 https://github.com/cloudflare/gokey/releases/tag/v0.1.3  for their respective operating system to recover the old password\n\n  *  use gokey version 0.2.0 or above to generate the new password\n\n  *  populate the system provided password rotation form\n\n\n\n\nSystems that allow multiple credentials for the same account to be provisioned\nSuch systems usually require a secret or a cryptographic \nkey as a credential for access, but allow several credentials at the \nsame time. One example is SSH: a particular user may have several \nauthorized public keys configured on the SSH server for access. For such\n systems users are advised to:\n\n\n\n  *  generate a new secret/key/credential using gokey version 0.2.0 or above\n\n  *  provision the new secret/key/credential in addition to the existing credential on the system\n\n  *  verify that the access or required system operation is still possible with the new secret/key/credential\n\n  *  revoke authorization for the existing/old credential from the system\n\n\n\n\nCredit\nThis vulnerability was found by Th\u00e9o Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare\u0027s bug bounty program."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330 Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T11:03:21.832Z",
        "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "shortName": "cloudflare"
      },
      "references": [
        {
          "url": "https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "gokey allows secret recovery from a seed file without the master password",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
    "assignerShortName": "cloudflare",
    "cveId": "CVE-2025-13353",
    "datePublished": "2025-12-02T11:03:21.832Z",
    "dateReserved": "2025-11-18T11:21:27.669Z",
    "dateUpdated": "2025-12-02T16:54:23.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13353\",\"sourceIdentifier\":\"cna@cloudflare.com\",\"published\":\"2025-12-02T11:15:47.437\",\"lastModified\":\"2025-12-02T17:16:29.163\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In gokey versions \u003c0.2.0,\\n a flaw in the seed decryption logic resulted in passwords incorrectly \\nbeing derived solely from the initial vector and the AES-GCM \\nauthentication tag of the key seed.\\n\\n\\nThis issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.\\n\\n\\nImpact\\nThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s\\n option) are not impacted. The confidentiality of the seed itself is \\nalso not impacted (it is not required to regenerate the seed itself). \\nSpecific impact includes:\\n\\n\\n\\n  *  keys/secrets generated from a seed file may have lower entropy: it \\nwas expected that the whole seed would be used to generate keys (240 \\nbytes of entropy input), where in vulnerable versions only 28 bytes was \\nused\\n\\n  *  a malicious entity could have recovered all passwords, generated \\nfrom a particular seed, having only the seed file in possession without \\nthe knowledge of the seed master password\\n\\n\\n\\n\\nPatches\\nThe code logic bug has been fixed in gokey version 0.2.0\\n and above. Due to the deterministic nature of gokey, fixed versions \\nwill produce different passwords/secrets using seed files, as all seed \\nentropy will be used now.\\n\\n\\nSystem secret rotation guidance\\nIt is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0\\n and above), and provision/rotate these secrets into respective systems \\nin place of the old secret. A specific rotation procedure is \\nsystem-dependent, but most common patterns are described below.\\n\\n\\nSystems that do not require the old password/secret for rotation\\nSuch systems usually have a \\\"Forgot password\\\" facility or a\\n similar facility allowing users to rotate their password/secrets by \\nsending a unique \\\"magic\\\" link to the user\u0027s email or phone. In such \\ncases users are advised to use this facility and input the newly \\ngenerated password secret, when prompted by the system.\\n\\n\\nSystems that require the old password/secret for rotation\\nSuch systems usually have a modal password rotation window\\n usually in the user settings section requiring the user to input the \\nold and the new password sometimes with a confirmation. To \\ngenerate/recover the old password in such cases users are advised to:\\n\\n\\n\\n  *  temporarily download  gokey version 0.1.3 https://github.com/cloudflare/gokey/releases/tag/v0.1.3  for their respective operating system to recover the old password\\n\\n  *  use gokey version 0.2.0 or above to generate the new password\\n\\n  *  populate the system provided password rotation form\\n\\n\\n\\n\\nSystems that allow multiple credentials for the same account to be provisioned\\nSuch systems usually require a secret or a cryptographic \\nkey as a credential for access, but allow several credentials at the \\nsame time. One example is SSH: a particular user may have several \\nauthorized public keys configured on the SSH server for access. For such\\n systems users are advised to:\\n\\n\\n\\n  *  generate a new secret/key/credential using gokey version 0.2.0 or above\\n\\n  *  provision the new secret/key/credential in addition to the existing credential on the system\\n\\n  *  verify that the access or required system operation is still possible with the new secret/key/credential\\n\\n  *  revoke authorization for the existing/old credential from the system\\n\\n\\n\\n\\nCredit\\nThis vulnerability was found by Th\u00e9o Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare\u0027s bug bounty program.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@cloudflare.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cna@cloudflare.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm\",\"source\":\"cna@cloudflare.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13353\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T16:50:27.674442Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T16:50:26.636Z\"}}], \"cna\": {\"title\": \"gokey allows secret recovery from a seed file without the master password\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/cloudflare/gokey\", \"vendor\": \"Cloudflare\", \"product\": \"gokey\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.0\", \"lessThan\": \"0.2.0\", \"versionType\": \"semver\"}], \"packageName\": \"github.com/cloudflare/gokey\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In gokey versions \u003c0.2.0,\\n a flaw in the seed decryption logic resulted in passwords incorrectly \\nbeing derived solely from the initial vector and the AES-GCM \\nauthentication tag of the key seed.\\n\\n\\nThis issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.\\n\\n\\nImpact\\nThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s\\n option) are not impacted. The confidentiality of the seed itself is \\nalso not impacted (it is not required to regenerate the seed itself). \\nSpecific impact includes:\\n\\n\\n\\n  *  keys/secrets generated from a seed file may have lower entropy: it \\nwas expected that the whole seed would be used to generate keys (240 \\nbytes of entropy input), where in vulnerable versions only 28 bytes was \\nused\\n\\n  *  a malicious entity could have recovered all passwords, generated \\nfrom a particular seed, having only the seed file in possession without \\nthe knowledge of the seed master password\\n\\n\\n\\n\\nPatches\\nThe code logic bug has been fixed in gokey version 0.2.0\\n and above. Due to the deterministic nature of gokey, fixed versions \\nwill produce different passwords/secrets using seed files, as all seed \\nentropy will be used now.\\n\\n\\nSystem secret rotation guidance\\nIt is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0\\n and above), and provision/rotate these secrets into respective systems \\nin place of the old secret. A specific rotation procedure is \\nsystem-dependent, but most common patterns are described below.\\n\\n\\nSystems that do not require the old password/secret for rotation\\nSuch systems usually have a \\\"Forgot password\\\" facility or a\\n similar facility allowing users to rotate their password/secrets by \\nsending a unique \\\"magic\\\" link to the user\u0027s email or phone. In such \\ncases users are advised to use this facility and input the newly \\ngenerated password secret, when prompted by the system.\\n\\n\\nSystems that require the old password/secret for rotation\\nSuch systems usually have a modal password rotation window\\n usually in the user settings section requiring the user to input the \\nold and the new password sometimes with a confirmation. To \\ngenerate/recover the old password in such cases users are advised to:\\n\\n\\n\\n  *  temporarily download  gokey version 0.1.3 https://github.com/cloudflare/gokey/releases/tag/v0.1.3  for their respective operating system to recover the old password\\n\\n  *  use gokey version 0.2.0 or above to generate the new password\\n\\n  *  populate the system provided password rotation form\\n\\n\\n\\n\\nSystems that allow multiple credentials for the same account to be provisioned\\nSuch systems usually require a secret or a cryptographic \\nkey as a credential for access, but allow several credentials at the \\nsame time. One example is SSH: a particular user may have several \\nauthorized public keys configured on the SSH server for access. For such\\n systems users are advised to:\\n\\n\\n\\n  *  generate a new secret/key/credential using gokey version 0.2.0 or above\\n\\n  *  provision the new secret/key/credential in addition to the existing credential on the system\\n\\n  *  verify that the access or required system operation is still possible with the new secret/key/credential\\n\\n  *  revoke authorization for the existing/old credential from the system\\n\\n\\n\\n\\nCredit\\nThis vulnerability was found by Th\\u00e9o Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare\u0027s bug bounty program.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\\n  \u003cdiv\u003e\\n    \u003cp\u003eIn gokey versions \u003ccode\u003e\u0026lt;0.2.0\u003c/code\u003e,\\n a flaw in the seed decryption logic resulted in passwords incorrectly \\nbeing derived solely from the initial vector and the AES-GCM \\nauthentication tag of the key seed.\u003c/p\u003e\\n\u003cp\u003eThis issue has been fixed in gokey version \u003ccode\u003e0.2.0\u003c/code\u003e. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the \u003ccode\u003e-s\u003c/code\u003e option). Even if the input seed file stays the same, version \u003ccode\u003e0.2.0\u003c/code\u003e gokey will generate different secrets.\u003c/p\u003e\\n\u003ch3\u003eImpact\u003c/h3\u003e\\n\u003cp\u003eThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the \u003ccode\u003e-s\u003c/code\u003e option). Keys/secrets generated just from the master password (without the \u003ccode\u003e-s\u003c/code\u003e\\n option) are not impacted. The confidentiality of the seed itself is \\nalso not impacted (it is not required to regenerate the seed itself). \\nSpecific impact includes:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003ekeys/secrets generated from a seed file may have lower entropy: it \\nwas expected that the whole seed would be used to generate keys (240 \\nbytes of entropy input), where in vulnerable versions only 28 bytes was \\nused\u003c/li\u003e\\n\u003cli\u003ea malicious entity could have recovered all passwords, generated \\nfrom a particular seed, having only the seed file in possession without \\nthe knowledge of the seed master password\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003ch3\u003ePatches\u003c/h3\u003e\\n\u003cp\u003eThe code logic bug has been fixed in gokey version \u003ccode\u003e0.2.0\u003c/code\u003e\\n and above. Due to the deterministic nature of gokey, fixed versions \\nwill produce different passwords/secrets using seed files, as all seed \\nentropy will be used now.\u003c/p\u003e\\n\u003ch3\u003eSystem secret rotation guidance\u003c/h3\u003e\\n\u003cp\u003eIt is advised for users to regenerate passwords/secrets using the patched version of gokey (\u003ccode\u003e0.2.0\u003c/code\u003e\\n and above), and provision/rotate these secrets into respective systems \\nin place of the old secret. A specific rotation procedure is \\nsystem-dependent, but most common patterns are described below.\u003c/p\u003e\\n\u003ch4\u003eSystems that do not require the old password/secret for rotation\u003c/h4\u003e\\n\u003cp\u003eSuch systems usually have a \\\"Forgot password\\\" facility or a\\n similar facility allowing users to rotate their password/secrets by \\nsending a unique \\\"magic\\\" link to the user\u0027s email or phone. In such \\ncases users are advised to use this facility and input the newly \\ngenerated password secret, when prompted by the system.\u003c/p\u003e\\n\u003ch4\u003eSystems that require the old password/secret for rotation\u003c/h4\u003e\\n\u003cp\u003eSuch systems usually have a modal password rotation window\\n usually in the user settings section requiring the user to input the \\nold and the new password sometimes with a confirmation. To \\ngenerate/recover the old password in such cases users are advised to:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003etemporarily download \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/cloudflare/gokey/releases/tag/v0.1.3\\\"\u003egokey version \u003ccode\u003e0.1.3\u003c/code\u003e\u003c/a\u003e for their respective operating system to recover the old password\u003c/li\u003e\\n\u003cli\u003euse gokey version \u003ccode\u003e0.2.0\u003c/code\u003e or above to generate the new password\u003c/li\u003e\\n\u003cli\u003epopulate the system provided password rotation form\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003ch4\u003eSystems that allow multiple credentials for the same account to be provisioned\u003c/h4\u003e\\n\u003cp\u003eSuch systems usually require a secret or a cryptographic \\nkey as a credential for access, but allow several credentials at the \\nsame time. One example is SSH: a particular user may have several \\nauthorized public keys configured on the SSH server for access. For such\\n systems users are advised to:\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003egenerate a new secret/key/credential using gokey version \u003ccode\u003e0.2.0\u003c/code\u003e or above\u003c/li\u003e\\n\u003cli\u003eprovision the new secret/key/credential in addition to the existing credential on the system\u003c/li\u003e\\n\u003cli\u003everify that the access or required system operation is still possible with the new secret/key/credential\u003c/li\u003e\\n\u003cli\u003erevoke authorization for the existing/old credential from the system\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003ch3\u003eCredit\u003c/h3\u003e\\n\u003cp\u003eThis vulnerability was found by Th\\u00e9o Cusnir (\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://hackerone.com/mister_mime?type=user\\\"\u003e@mister_mime\u003c/a\u003e) and responsibly disclosed through Cloudflare\u0027s bug bounty program.\u003c/p\u003e\\n  \u003c/div\u003e\\n\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"a22f1246-ba21-4bb4-a601-ad51614c1513\", \"shortName\": \"cloudflare\", \"dateUpdated\": \"2025-12-02T11:03:21.832Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13353\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-02T16:54:23.544Z\", \"dateReserved\": \"2025-11-18T11:21:27.669Z\", \"assignerOrgId\": \"a22f1246-ba21-4bb4-a601-ad51614c1513\", \"datePublished\": \"2025-12-02T11:03:21.832Z\", \"assignerShortName\": \"cloudflare\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-13353

Vulnerability from fkie_nvd - Published: 2025-12-02 11:15 - Updated: 2025-12-02 17:16

Severity ?

7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Summary

References

	URL	Tags
	cna@cloudflare.com	https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In gokey versions \u003c0.2.0,\n a flaw in the seed decryption logic resulted in passwords incorrectly \nbeing derived solely from the initial vector and the AES-GCM \nauthentication tag of the key seed.\n\n\nThis issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.\n\n\nImpact\nThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s\n option) are not impacted. The confidentiality of the seed itself is \nalso not impacted (it is not required to regenerate the seed itself). \nSpecific impact includes:\n\n\n\n  *  keys/secrets generated from a seed file may have lower entropy: it \nwas expected that the whole seed would be used to generate keys (240 \nbytes of entropy input), where in vulnerable versions only 28 bytes was \nused\n\n  *  a malicious entity could have recovered all passwords, generated \nfrom a particular seed, having only the seed file in possession without \nthe knowledge of the seed master password\n\n\n\n\nPatches\nThe code logic bug has been fixed in gokey version 0.2.0\n and above. Due to the deterministic nature of gokey, fixed versions \nwill produce different passwords/secrets using seed files, as all seed \nentropy will be used now.\n\n\nSystem secret rotation guidance\nIt is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0\n and above), and provision/rotate these secrets into respective systems \nin place of the old secret. A specific rotation procedure is \nsystem-dependent, but most common patterns are described below.\n\n\nSystems that do not require the old password/secret for rotation\nSuch systems usually have a \"Forgot password\" facility or a\n similar facility allowing users to rotate their password/secrets by \nsending a unique \"magic\" link to the user\u0027s email or phone. In such \ncases users are advised to use this facility and input the newly \ngenerated password secret, when prompted by the system.\n\n\nSystems that require the old password/secret for rotation\nSuch systems usually have a modal password rotation window\n usually in the user settings section requiring the user to input the \nold and the new password sometimes with a confirmation. To \ngenerate/recover the old password in such cases users are advised to:\n\n\n\n  *  temporarily download  gokey version 0.1.3 https://github.com/cloudflare/gokey/releases/tag/v0.1.3  for their respective operating system to recover the old password\n\n  *  use gokey version 0.2.0 or above to generate the new password\n\n  *  populate the system provided password rotation form\n\n\n\n\nSystems that allow multiple credentials for the same account to be provisioned\nSuch systems usually require a secret or a cryptographic \nkey as a credential for access, but allow several credentials at the \nsame time. One example is SSH: a particular user may have several \nauthorized public keys configured on the SSH server for access. For such\n systems users are advised to:\n\n\n\n  *  generate a new secret/key/credential using gokey version 0.2.0 or above\n\n  *  provision the new secret/key/credential in addition to the existing credential on the system\n\n  *  verify that the access or required system operation is still possible with the new secret/key/credential\n\n  *  revoke authorization for the existing/old credential from the system\n\n\n\n\nCredit\nThis vulnerability was found by Th\u00e9o Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare\u0027s bug bounty program."
    }
  ],
  "id": "CVE-2025-13353",
  "lastModified": "2025-12-02T17:16:29.163",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@cloudflare.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-02T11:15:47.437",
  "references": [
    {
      "source": "cna@cloudflare.com",
      "url": "https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm"
    }
  ],
  "sourceIdentifier": "cna@cloudflare.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "cna@cloudflare.com",
      "type": "Secondary"
    }
  ]
}

GHSA-69JW-4JJ8-FCXM

Vulnerability from github – Published: 2025-12-02 17:55 – Updated: 2025-12-02 17:55

Summary

gokey allows secret recovery from a seed file without the master password

Details

In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed.

This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.

Impact

This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes:

keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes was used
a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password

Patches

The code logic bug has been fixed in gokey version 0.2.0 and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now.

System secret rotation guidance

It is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0 and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below.

Systems that do not require the old password/secret for rotation

Such systems usually have a "Forgot password" facility or a similar facility allowing users to rotate their password/secrets by sending a unique "magic" link to the user's email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system.

Systems that require the old password/secret for rotation

Such systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to:

temporarily download gokey version 0.1.3 for their respective operating system to recover the old password
use gokey version 0.2.0 or above to generate the new password
populate the system provided password rotation form

Systems that allow multiple credentials for the same account to be provisioned

Such systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to:

generate a new secret/key/credential using gokey version 0.2.0 or above
provision the new secret/key/credential in addition to the existing credential on the system
verify that the access or required system operation is still possible with the new secret/key/credential
revoke authorization for the existing/old credential from the system

Credit

This vulnerability was found by Théo Cusnir (@mister_mime) and responsibly disclosed through Cloudflare's bug bounty program.

Severity ?

7.1 (High)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cloudflare/gokey"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-13353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T17:55:54Z",
    "nvd_published_at": "2025-12-02T11:15:47Z",
    "severity": "HIGH"
  },
  "details": "In gokey versions `\u003c0.2.0`, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed.\n\nThis issue has been fixed in gokey version `0.2.0`. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the `-s` option). Even if the input seed file stays the same, version `0.2.0` gokey will generate different secrets.\n\n### Impact\n\nThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the `-s` option). Keys/secrets generated just from the master password (without the `-s` option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes:\n\n* keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes was used  \n* a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password\n\n### Patches\n\nThe code logic bug has been fixed in gokey version `0.2.0` and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now.\n\n### System secret rotation guidance\n\nIt is advised for users to regenerate passwords/secrets using the patched version of gokey (`0.2.0` and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below.\n\n#### Systems that do not require the old password/secret for rotation\n\nSuch systems usually have a \"Forgot password\" facility or a similar facility allowing users to rotate their password/secrets by sending a unique \"magic\" link to the user\u0027s email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system.\n\n#### Systems that require the old password/secret for rotation\n\nSuch systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to:\n\n* temporarily download [gokey version `0.1.3`](https://github.com/cloudflare/gokey/releases/tag/v0.1.3) for their respective operating system to recover the old password  \n* use gokey version `0.2.0` or above to generate the new password  \n* populate the system provided password rotation form\n\n#### Systems that allow multiple credentials for the same account to be provisioned\n\nSuch systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to:\n\n* generate a new secret/key/credential using gokey version `0.2.0` or above  \n* provision the new secret/key/credential in addition to the existing credential on the system  \n* verify that the access or required system operation is still possible with the new secret/key/credential  \n* revoke authorization for the existing/old credential from the system\n\n### Credit\n\nThis vulnerability was found by Th\u00e9o Cusnir ([@mister_mime](https://hackerone.com/mister_mime?type=user)) and responsibly disclosed through Cloudflare\u0027s bug bounty program.",
  "id": "GHSA-69jw-4jj8-fcxm",
  "modified": "2025-12-02T17:55:54Z",
  "published": "2025-12-02T17:55:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13353"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/gokey/commit/f261819e99ea169843bd5aa3e643d046260ff511"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/gokey"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "gokey allows secret recovery from a seed file without the master password"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-13353 (GCVE-0-2025-13353)

FKIE_CVE-2025-13353

GHSA-69JW-4JJ8-FCXM

Impact

Patches

System secret rotation guidance

Systems that do not require the old password/secret for rotation

Systems that require the old password/secret for rotation

Systems that allow multiple credentials for the same account to be provisioned

Credit

Tags

Sightings

Nomenclature