Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-13609 (GCVE-0-2025-13609)
Vulnerability from cvelistv5 – Published: 2025-11-24 18:08 – Updated: 2025-12-22 20:41
VLAI?
EPSS
Title
Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
Summary
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Severity ?
8.2 (High)
CWE
- CWE-694 - Use of Multiple Resources with Duplicate Identifier
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Keylime Project | keylime |
Affected:
0 , < 7.14.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T19:00:14.018523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T19:00:31.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keylime/keylime",
"defaultStatus": "unaffected",
"packageName": "keylime",
"product": "keylime",
"vendor": "Keylime Project",
"versions": [
{
"lessThan": "7.14.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.12.1-11.el10_1.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.12.1-11.el9_7.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.5.2-6.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.3.0-13.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"packageName": "keylime",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.3.0-15.el9_6.1",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-11-24T16:00:06.761Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-694",
"description": "Use of Multiple Resources with Duplicate Identifier",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T20:41:15.718Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:23201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:23201"
},
{
"name": "RHSA-2025:23210",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:23210"
},
{
"name": "RHSA-2025:23628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:23628"
},
{
"name": "RHSA-2025:23735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:23735"
},
{
"name": "RHSA-2025:23852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:23852"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"name": "RHBZ#2416761",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-24T14:53:54.188000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-11-24T16:00:06.761000+00:00",
"value": "Made public."
}
],
"title": "Keylime: keylime: registrar allows identity takeover via duplicate uuid registration",
"workarounds": [
{
"lang": "en",
"value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-694: Use of Multiple Resources with Duplicate Identifier"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-13609",
"datePublished": "2025-11-24T18:08:56.048Z",
"dateReserved": "2025-11-24T15:47:12.935Z",
"dateUpdated": "2025-12-22T20:41:15.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-13609\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-11-24T18:15:49.830\",\"lastModified\":\"2025-12-22T12:16:19.130\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":5.3}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-694\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:23201\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:23210\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:23628\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:23735\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:23852\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-13609\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2416761\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13609\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-24T19:00:14.018523Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-24T19:00:24.300Z\"}}], \"cna\": {\"title\": \"Keylime: keylime: registrar allows identity takeover via duplicate uuid registration\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Keylime Project\", \"product\": \"keylime\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.14.0\", \"versionType\": \"semver\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://github.com/keylime/keylime\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.12.1-11.el10_1.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.12.1-11.el9_7.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:6.5.2-6.el9_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.3.0-13.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.3.0-15.el9_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"keylime\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-11-24T14:53:54.188000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-11-24T16:00:06.761000+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-11-24T16:00:06.761Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:23201\", \"name\": \"RHSA-2025:23201\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:23210\", \"name\": \"RHSA-2025:23210\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:23628\", \"name\": \"RHSA-2025:23628\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:23735\", \"name\": \"RHSA-2025:23735\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:23852\", \"name\": \"RHSA-2025:23852\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-13609\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2416761\", \"name\": \"RHBZ#2416761\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-694\", \"description\": \"Use of Multiple Resources with Duplicate Identifier\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-12-22T20:41:15.718Z\"}, \"x_redhatCweChain\": \"CWE-694: Use of Multiple Resources with Duplicate Identifier\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-13609\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-22T20:41:15.718Z\", \"dateReserved\": \"2025-11-24T15:47:12.935Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-11-24T18:08:56.048Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-13609
Vulnerability from fkie_nvd - Published: 2025-11-24 18:15 - Updated: 2025-12-22 12:16
Severity ?
Summary
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls."
}
],
"id": "CVE-2025-13609",
"lastModified": "2025-12-22T12:16:19.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2025-11-24T18:15:49.830",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:23201"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:23210"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:23628"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:23735"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:23852"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-694"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
RHSA-2025:23735
Vulnerability from csaf_redhat - Published: 2025-12-22 01:29 - Updated: 2025-12-22 20:41Summary
Red Hat Security Advisory: keylime security update
Notes
Topic
An update for keylime is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for keylime is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23735",
"url": "https://access.redhat.com/errata/RHSA-2025:23735"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23735.json"
}
],
"title": "Red Hat Security Advisory: keylime security update",
"tracking": {
"current_release_date": "2025-12-22T20:41:22+00:00",
"generator": {
"date": "2025-12-22T20:41:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23735",
"initial_release_date": "2025-12-22T01:29:17+00:00",
"revision_history": [
{
"date": "2025-12-22T01:29:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-22T01:29:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-22T20:41:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:6.5.2-6.el9_2.1.src",
"product": {
"name": "keylime-0:6.5.2-6.el9_2.1.src",
"product_id": "keylime-0:6.5.2-6.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@6.5.2-6.el9_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:6.5.2-6.el9_2.1.aarch64",
"product": {
"name": "keylime-0:6.5.2-6.el9_2.1.aarch64",
"product_id": "keylime-0:6.5.2-6.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@6.5.2-6.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"product": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"product_id": "keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@6.5.2-6.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"product": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"product_id": "keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@6.5.2-6.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"product": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"product_id": "keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@6.5.2-6.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"product": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"product_id": "keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@6.5.2-6.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"product": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"product_id": "python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@6.5.2-6.el9_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:6.5.2-6.el9_2.1.s390x",
"product": {
"name": "keylime-0:6.5.2-6.el9_2.1.s390x",
"product_id": "keylime-0:6.5.2-6.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@6.5.2-6.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:6.5.2-6.el9_2.1.s390x",
"product": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.s390x",
"product_id": "keylime-base-0:6.5.2-6.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@6.5.2-6.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"product": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"product_id": "keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@6.5.2-6.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"product": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"product_id": "keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@6.5.2-6.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"product": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"product_id": "keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@6.5.2-6.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"product": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"product_id": "python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@6.5.2-6.el9_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:6.5.2-6.el9_2.1.ppc64le",
"product": {
"name": "keylime-0:6.5.2-6.el9_2.1.ppc64le",
"product_id": "keylime-0:6.5.2-6.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@6.5.2-6.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"product": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"product_id": "keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@6.5.2-6.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"product": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"product_id": "keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@6.5.2-6.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"product": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"product_id": "keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@6.5.2-6.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"product": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"product_id": "keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@6.5.2-6.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"product": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"product_id": "python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@6.5.2-6.el9_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:6.5.2-6.el9_2.1.x86_64",
"product": {
"name": "keylime-0:6.5.2-6.el9_2.1.x86_64",
"product_id": "keylime-0:6.5.2-6.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@6.5.2-6.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"product": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"product_id": "keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@6.5.2-6.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"product": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"product_id": "keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@6.5.2-6.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"product": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"product_id": "keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@6.5.2-6.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"product": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"product_id": "keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@6.5.2-6.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:6.5.2-6.el9_2.1.x86_64",
"product": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.x86_64",
"product_id": "python3-keylime-0:6.5.2-6.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@6.5.2-6.el9_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"product": {
"name": "keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"product_id": "keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-selinux@6.5.2-6.el9_2.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:6.5.2-6.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.aarch64"
},
"product_reference": "keylime-0:6.5.2-6.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:6.5.2-6.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.ppc64le"
},
"product_reference": "keylime-0:6.5.2-6.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:6.5.2-6.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.s390x"
},
"product_reference": "keylime-0:6.5.2-6.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:6.5.2-6.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.src"
},
"product_reference": "keylime-0:6.5.2-6.el9_2.1.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:6.5.2-6.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.x86_64"
},
"product_reference": "keylime-0:6.5.2-6.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.aarch64"
},
"product_reference": "keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.ppc64le"
},
"product_reference": "keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.s390x"
},
"product_reference": "keylime-base-0:6.5.2-6.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:6.5.2-6.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.x86_64"
},
"product_reference": "keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.aarch64"
},
"product_reference": "keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le"
},
"product_reference": "keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.s390x"
},
"product_reference": "keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:6.5.2-6.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.x86_64"
},
"product_reference": "keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-selinux-0:6.5.2-6.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-selinux-0:6.5.2-6.el9_2.1.noarch"
},
"product_reference": "keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.aarch64"
},
"product_reference": "keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le"
},
"product_reference": "keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.s390x"
},
"product_reference": "keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:6.5.2-6.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.x86_64"
},
"product_reference": "keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.aarch64"
},
"product_reference": "keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le"
},
"product_reference": "keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.s390x"
},
"product_reference": "keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:6.5.2-6.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.x86_64"
},
"product_reference": "keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.aarch64"
},
"product_reference": "python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.ppc64le"
},
"product_reference": "python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.s390x"
},
"product_reference": "python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:6.5.2-6.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.x86_64"
},
"product_reference": "python3-keylime-0:6.5.2-6.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"cwe": {
"id": "CWE-694",
"name": "Use of Multiple Resources with Duplicate Identifier"
},
"discovery_date": "2025-11-24T14:53:54.188000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416761"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as the Keylime registrar allows an attacker to perform an identity takeover. By registering a new agent with a duplicate UUID, an attacker can overwrite an existing agent\u0027s identity, enabling impersonation and potential bypass of security controls. This affects Keylime in Red Hat Enterprise Linux and Red Hat In-Vehicle OS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "RHBZ#2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13609"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
}
],
"release_date": "2025-11-24T16:00:06.761000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T01:29:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23735"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:keylime-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-base-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-registrar-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-selinux-0:6.5.2-6.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-tenant-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:keylime-verifier-0:6.5.2-6.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:python3-keylime-0:6.5.2-6.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration"
}
]
}
RHSA-2025:23210
Vulnerability from csaf_redhat - Published: 2025-12-16 19:29 - Updated: 2025-12-22 20:41Summary
Red Hat Security Advisory: keylime security update
Notes
Topic
An update for keylime is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for keylime is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23210",
"url": "https://access.redhat.com/errata/RHSA-2025:23210"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23210.json"
}
],
"title": "Red Hat Security Advisory: keylime security update",
"tracking": {
"current_release_date": "2025-12-22T20:41:18+00:00",
"generator": {
"date": "2025-12-22T20:41:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23210",
"initial_release_date": "2025-12-16T19:29:15+00:00",
"revision_history": [
{
"date": "2025-12-16T19:29:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-16T19:29:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-22T20:41:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el9_7.3.src",
"product": {
"name": "keylime-0:7.12.1-11.el9_7.3.src",
"product_id": "keylime-0:7.12.1-11.el9_7.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el9_7.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el9_7.3.aarch64",
"product": {
"name": "keylime-0:7.12.1-11.el9_7.3.aarch64",
"product_id": "keylime-0:7.12.1-11.el9_7.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el9_7.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"product": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"product_id": "keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el9_7.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"product_id": "keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el9_7.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"product_id": "keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el9_7.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"product_id": "keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el9_7.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"product": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"product_id": "python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el9_7.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el9_7.3.ppc64le",
"product": {
"name": "keylime-0:7.12.1-11.el9_7.3.ppc64le",
"product_id": "keylime-0:7.12.1-11.el9_7.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el9_7.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"product": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"product_id": "keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el9_7.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"product_id": "keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el9_7.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"product_id": "keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el9_7.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"product_id": "keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el9_7.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"product": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"product_id": "python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el9_7.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el9_7.3.x86_64",
"product": {
"name": "keylime-0:7.12.1-11.el9_7.3.x86_64",
"product_id": "keylime-0:7.12.1-11.el9_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el9_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"product": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"product_id": "keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el9_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"product_id": "keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el9_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"product_id": "keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el9_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"product_id": "keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el9_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el9_7.3.x86_64",
"product": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.x86_64",
"product_id": "python3-keylime-0:7.12.1-11.el9_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el9_7.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el9_7.3.s390x",
"product": {
"name": "keylime-0:7.12.1-11.el9_7.3.s390x",
"product_id": "keylime-0:7.12.1-11.el9_7.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el9_7.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el9_7.3.s390x",
"product": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.s390x",
"product_id": "keylime-base-0:7.12.1-11.el9_7.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el9_7.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"product_id": "keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el9_7.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"product_id": "keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el9_7.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"product_id": "keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el9_7.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"product": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"product_id": "python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el9_7.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"product": {
"name": "keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"product_id": "keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-selinux@7.12.1-11.el9_7.3?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el9_7.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.aarch64"
},
"product_reference": "keylime-0:7.12.1-11.el9_7.3.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el9_7.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.ppc64le"
},
"product_reference": "keylime-0:7.12.1-11.el9_7.3.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el9_7.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.s390x"
},
"product_reference": "keylime-0:7.12.1-11.el9_7.3.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el9_7.3.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.src"
},
"product_reference": "keylime-0:7.12.1-11.el9_7.3.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el9_7.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.x86_64"
},
"product_reference": "keylime-0:7.12.1-11.el9_7.3.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.aarch64"
},
"product_reference": "keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.ppc64le"
},
"product_reference": "keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.s390x"
},
"product_reference": "keylime-base-0:7.12.1-11.el9_7.3.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el9_7.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.x86_64"
},
"product_reference": "keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.aarch64"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.s390x"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el9_7.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.x86_64"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-selinux-0:7.12.1-11.el9_7.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-selinux-0:7.12.1-11.el9_7.3.noarch"
},
"product_reference": "keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.aarch64"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.s390x"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el9_7.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.x86_64"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.aarch64"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.s390x"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el9_7.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.x86_64"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.aarch64"
},
"product_reference": "python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.ppc64le"
},
"product_reference": "python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.s390x"
},
"product_reference": "python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el9_7.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.x86_64"
},
"product_reference": "python3-keylime-0:7.12.1-11.el9_7.3.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"cwe": {
"id": "CWE-694",
"name": "Use of Multiple Resources with Duplicate Identifier"
},
"discovery_date": "2025-11-24T14:53:54.188000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416761"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as the Keylime registrar allows an attacker to perform an identity takeover. By registering a new agent with a duplicate UUID, an attacker can overwrite an existing agent\u0027s identity, enabling impersonation and potential bypass of security controls. This affects Keylime in Red Hat Enterprise Linux and Red Hat In-Vehicle OS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.src",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "RHBZ#2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13609"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
}
],
"release_date": "2025-11-24T16:00:06.761000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T19:29:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.src",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23210"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.src",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.src",
"AppStream-9.7.0.Z.MAIN:keylime-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-base-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-registrar-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-selinux-0:7.12.1-11.el9_7.3.noarch",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-tenant-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:keylime-verifier-0:7.12.1-11.el9_7.3.x86_64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.aarch64",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.ppc64le",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.s390x",
"AppStream-9.7.0.Z.MAIN:python3-keylime-0:7.12.1-11.el9_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration"
}
]
}
RHSA-2025:23201
Vulnerability from csaf_redhat - Published: 2025-12-16 08:36 - Updated: 2025-12-22 20:41Summary
Red Hat Security Advisory: keylime security update
Notes
Topic
An update for keylime is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for keylime is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23201",
"url": "https://access.redhat.com/errata/RHSA-2025:23201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23201.json"
}
],
"title": "Red Hat Security Advisory: keylime security update",
"tracking": {
"current_release_date": "2025-12-22T20:41:16+00:00",
"generator": {
"date": "2025-12-22T20:41:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23201",
"initial_release_date": "2025-12-16T08:36:28+00:00",
"revision_history": [
{
"date": "2025-12-16T08:36:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-16T08:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-22T20:41:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el10_1.3.src",
"product": {
"name": "keylime-0:7.12.1-11.el10_1.3.src",
"product_id": "keylime-0:7.12.1-11.el10_1.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el10_1.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "keylime-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "keylime-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el10_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el10_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el10_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el10_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.12.1-11.el10_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el10_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"product": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"product_id": "python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el10_1.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "keylime-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "keylime-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"product": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"product_id": "python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el10_1.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "keylime-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "keylime-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el10_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el10_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el10_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el10_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.12.1-11.el10_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el10_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el10_1.3.x86_64",
"product": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.x86_64",
"product_id": "python3-keylime-0:7.12.1-11.el10_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el10_1.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "keylime-0:7.12.1-11.el10_1.3.s390x",
"product_id": "keylime-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.12.1-11.el10_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.s390x",
"product_id": "keylime-base-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.12.1-11.el10_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"product_id": "keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.12.1-11.el10_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"product_id": "keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.12.1-11.el10_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"product_id": "keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tools@7.12.1-11.el10_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"product_id": "keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.12.1-11.el10_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"product": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"product_id": "python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.12.1-11.el10_1.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"product": {
"name": "keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"product_id": "keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-selinux@7.12.1-11.el10_1.3?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "keylime-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "keylime-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "keylime-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el10_1.3.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.src"
},
"product_reference": "keylime-0:7.12.1-11.el10_1.3.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "keylime-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "keylime-base-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-selinux-0:7.12.1-11.el10_1.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-selinux-0:7.12.1-11.el10_1.3.noarch"
},
"product_reference": "keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tools-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.aarch64"
},
"product_reference": "python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.ppc64le"
},
"product_reference": "python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.s390x"
},
"product_reference": "python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.12.1-11.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.x86_64"
},
"product_reference": "python3-keylime-0:7.12.1-11.el10_1.3.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"cwe": {
"id": "CWE-694",
"name": "Use of Multiple Resources with Duplicate Identifier"
},
"discovery_date": "2025-11-24T14:53:54.188000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416761"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as the Keylime registrar allows an attacker to perform an identity takeover. By registering a new agent with a duplicate UUID, an attacker can overwrite an existing agent\u0027s identity, enabling impersonation and potential bypass of security controls. This affects Keylime in Red Hat Enterprise Linux and Red Hat In-Vehicle OS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.src",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "RHBZ#2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13609"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
}
],
"release_date": "2025-11-24T16:00:06.761000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T08:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.src",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23201"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.src",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.src",
"AppStream-10.1.Z:keylime-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-base-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-registrar-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-selinux-0:7.12.1-11.el10_1.3.noarch",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tenant-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-tools-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:keylime-verifier-0:7.12.1-11.el10_1.3.x86_64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.aarch64",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.ppc64le",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.s390x",
"AppStream-10.1.Z:python3-keylime-0:7.12.1-11.el10_1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration"
}
]
}
RHSA-2025:23852
Vulnerability from csaf_redhat - Published: 2025-12-22 11:43 - Updated: 2025-12-22 20:41Summary
Red Hat Security Advisory: keylime security update
Notes
Topic
An update for keylime is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for keylime is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23852",
"url": "https://access.redhat.com/errata/RHSA-2025:23852"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23852.json"
}
],
"title": "Red Hat Security Advisory: keylime security update",
"tracking": {
"current_release_date": "2025-12-22T20:41:24+00:00",
"generator": {
"date": "2025-12-22T20:41:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23852",
"initial_release_date": "2025-12-22T11:43:44+00:00",
"revision_history": [
{
"date": "2025-12-22T11:43:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-22T11:43:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-22T20:41:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-13.el9_4.1.src",
"product": {
"name": "keylime-0:7.3.0-13.el9_4.1.src",
"product_id": "keylime-0:7.3.0-13.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-13.el9_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-13.el9_4.1.aarch64",
"product": {
"name": "keylime-0:7.3.0-13.el9_4.1.aarch64",
"product_id": "keylime-0:7.3.0-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"product": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"product_id": "keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"product": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"product_id": "keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"product": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"product_id": "keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"product": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"product_id": "keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"product": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"product_id": "python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-13.el9_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-13.el9_4.1.ppc64le",
"product": {
"name": "keylime-0:7.3.0-13.el9_4.1.ppc64le",
"product_id": "keylime-0:7.3.0-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"product": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"product_id": "keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"product": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"product_id": "keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"product": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"product_id": "keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"product": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"product_id": "keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"product": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"product_id": "python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-13.el9_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-13.el9_4.1.x86_64",
"product": {
"name": "keylime-0:7.3.0-13.el9_4.1.x86_64",
"product_id": "keylime-0:7.3.0-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"product": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"product_id": "keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"product": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"product_id": "keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"product": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"product_id": "keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"product": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"product_id": "keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-13.el9_4.1.x86_64",
"product": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.x86_64",
"product_id": "python3-keylime-0:7.3.0-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-13.el9_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-13.el9_4.1.s390x",
"product": {
"name": "keylime-0:7.3.0-13.el9_4.1.s390x",
"product_id": "keylime-0:7.3.0-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-13.el9_4.1.s390x",
"product": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.s390x",
"product_id": "keylime-base-0:7.3.0-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"product": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"product_id": "keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"product": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"product_id": "keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"product": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"product_id": "keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"product": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"product_id": "python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-13.el9_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"product": {
"name": "keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"product_id": "keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-selinux@7.3.0-13.el9_4.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.aarch64"
},
"product_reference": "keylime-0:7.3.0-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.ppc64le"
},
"product_reference": "keylime-0:7.3.0-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.s390x"
},
"product_reference": "keylime-0:7.3.0-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-13.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.src"
},
"product_reference": "keylime-0:7.3.0-13.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.x86_64"
},
"product_reference": "keylime-0:7.3.0-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.aarch64"
},
"product_reference": "keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.ppc64le"
},
"product_reference": "keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.s390x"
},
"product_reference": "keylime-base-0:7.3.0-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.x86_64"
},
"product_reference": "keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.aarch64"
},
"product_reference": "keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le"
},
"product_reference": "keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.s390x"
},
"product_reference": "keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.x86_64"
},
"product_reference": "keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-selinux-0:7.3.0-13.el9_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-selinux-0:7.3.0-13.el9_4.1.noarch"
},
"product_reference": "keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.aarch64"
},
"product_reference": "keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le"
},
"product_reference": "keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.s390x"
},
"product_reference": "keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.x86_64"
},
"product_reference": "keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.aarch64"
},
"product_reference": "keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le"
},
"product_reference": "keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.s390x"
},
"product_reference": "keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.x86_64"
},
"product_reference": "keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.aarch64"
},
"product_reference": "python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.ppc64le"
},
"product_reference": "python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.s390x"
},
"product_reference": "python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.x86_64"
},
"product_reference": "python3-keylime-0:7.3.0-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"cwe": {
"id": "CWE-694",
"name": "Use of Multiple Resources with Duplicate Identifier"
},
"discovery_date": "2025-11-24T14:53:54.188000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416761"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as the Keylime registrar allows an attacker to perform an identity takeover. By registering a new agent with a duplicate UUID, an attacker can overwrite an existing agent\u0027s identity, enabling impersonation and potential bypass of security controls. This affects Keylime in Red Hat Enterprise Linux and Red Hat In-Vehicle OS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "RHBZ#2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13609"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
}
],
"release_date": "2025-11-24T16:00:06.761000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T11:43:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23852"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:keylime-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-base-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-registrar-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-selinux-0:7.3.0-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-tenant-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:keylime-verifier-0:7.3.0-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:python3-keylime-0:7.3.0-13.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration"
}
]
}
RHSA-2025:23628
Vulnerability from csaf_redhat - Published: 2025-12-18 10:20 - Updated: 2025-12-22 20:41Summary
Red Hat Security Advisory: keylime security update
Notes
Topic
An update for keylime is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for keylime is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23628",
"url": "https://access.redhat.com/errata/RHSA-2025:23628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23628.json"
}
],
"title": "Red Hat Security Advisory: keylime security update",
"tracking": {
"current_release_date": "2025-12-22T20:41:22+00:00",
"generator": {
"date": "2025-12-22T20:41:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23628",
"initial_release_date": "2025-12-18T10:20:07+00:00",
"revision_history": [
{
"date": "2025-12-18T10:20:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-18T10:20:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-22T20:41:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-15.el9_6.1.x86_64",
"product": {
"name": "keylime-0:7.3.0-15.el9_6.1.x86_64",
"product_id": "keylime-0:7.3.0-15.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-15.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"product": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"product_id": "keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-15.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"product": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"product_id": "keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-15.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"product": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"product_id": "keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-15.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"product": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"product_id": "keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-15.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-15.el9_6.1.x86_64",
"product": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.x86_64",
"product_id": "python3-keylime-0:7.3.0-15.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-15.el9_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-15.el9_6.1.s390x",
"product": {
"name": "keylime-0:7.3.0-15.el9_6.1.s390x",
"product_id": "keylime-0:7.3.0-15.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-15.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-15.el9_6.1.s390x",
"product": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.s390x",
"product_id": "keylime-base-0:7.3.0-15.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-15.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"product": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"product_id": "keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-15.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"product": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"product_id": "keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-15.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"product": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"product_id": "keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-15.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"product": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"product_id": "python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-15.el9_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-15.el9_6.1.src",
"product": {
"name": "keylime-0:7.3.0-15.el9_6.1.src",
"product_id": "keylime-0:7.3.0-15.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-15.el9_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-15.el9_6.1.aarch64",
"product": {
"name": "keylime-0:7.3.0-15.el9_6.1.aarch64",
"product_id": "keylime-0:7.3.0-15.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-15.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"product": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"product_id": "keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-15.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"product": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"product_id": "keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-15.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"product": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"product_id": "keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-15.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"product": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"product_id": "keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-15.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"product": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"product_id": "python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-15.el9_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-0:7.3.0-15.el9_6.1.ppc64le",
"product": {
"name": "keylime-0:7.3.0-15.el9_6.1.ppc64le",
"product_id": "keylime-0:7.3.0-15.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime@7.3.0-15.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"product": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"product_id": "keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-base@7.3.0-15.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"product": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"product_id": "keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-registrar@7.3.0-15.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"product": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"product_id": "keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-tenant@7.3.0-15.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"product": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"product_id": "keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-verifier@7.3.0-15.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"product": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"product_id": "python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-keylime@7.3.0-15.el9_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"product": {
"name": "keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"product_id": "keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/keylime-selinux@7.3.0-15.el9_6.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-15.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.aarch64"
},
"product_reference": "keylime-0:7.3.0-15.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-15.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.ppc64le"
},
"product_reference": "keylime-0:7.3.0-15.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-15.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.s390x"
},
"product_reference": "keylime-0:7.3.0-15.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-15.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.src"
},
"product_reference": "keylime-0:7.3.0-15.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-0:7.3.0-15.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.x86_64"
},
"product_reference": "keylime-0:7.3.0-15.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.aarch64"
},
"product_reference": "keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.ppc64le"
},
"product_reference": "keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.s390x"
},
"product_reference": "keylime-base-0:7.3.0-15.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-base-0:7.3.0-15.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.x86_64"
},
"product_reference": "keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.aarch64"
},
"product_reference": "keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le"
},
"product_reference": "keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.s390x"
},
"product_reference": "keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-0:7.3.0-15.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.x86_64"
},
"product_reference": "keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-selinux-0:7.3.0-15.el9_6.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-selinux-0:7.3.0-15.el9_6.1.noarch"
},
"product_reference": "keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.aarch64"
},
"product_reference": "keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le"
},
"product_reference": "keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.s390x"
},
"product_reference": "keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-0:7.3.0-15.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.x86_64"
},
"product_reference": "keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.aarch64"
},
"product_reference": "keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le"
},
"product_reference": "keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.s390x"
},
"product_reference": "keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-0:7.3.0-15.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.x86_64"
},
"product_reference": "keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.aarch64"
},
"product_reference": "python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.ppc64le"
},
"product_reference": "python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.s390x"
},
"product_reference": "python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-keylime-0:7.3.0-15.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.x86_64"
},
"product_reference": "python3-keylime-0:7.3.0-15.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"cwe": {
"id": "CWE-694",
"name": "Use of Multiple Resources with Duplicate Identifier"
},
"discovery_date": "2025-11-24T14:53:54.188000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416761"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as the Keylime registrar allows an attacker to perform an identity takeover. By registering a new agent with a duplicate UUID, an attacker can overwrite an existing agent\u0027s identity, enabling impersonation and potential bypass of security controls. This affects Keylime in Red Hat Enterprise Linux and Red Hat In-Vehicle OS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "RHBZ#2416761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13609"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
}
],
"release_date": "2025-11-24T16:00:06.761000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-18T10:20:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23628"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:keylime-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-base-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-registrar-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-selinux-0:7.3.0-15.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-tenant-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:keylime-verifier-0:7.3.0-15.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:python3-keylime-0:7.3.0-15.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration"
}
]
}
SUSE-SU-2025:21194-1
Vulnerability from csaf_suse - Published: 2025-12-12 09:45 - Updated: 2025-12-12 09:45Summary
Security update for keylime
Notes
Title of the patch
Security update for keylime
Description of the patch
This update for keylime fixes the following issues:
Update to version 7.13.0+40.
Security issues fixed:
- CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate
UUIDs (bsc#1254199).
- CVE-2025-1057: registrar denial-of-service due to backward incompatibility in database type handling (bsc#1237153).
Other issues fixed and changes:
- Version 7.13.0+40:
* Include new attestation information fields (#1818)
* Fix Database race conditions and SQLAlchemy 2.0 compatibility (#1823)
* push-model: require HTTPS for authentication and attestation endpoints
* Fix operational_state tracking in push mode attestations
* templates: add push model authentication config options to 2.5 templates
* Security: Hash authentication tokens in logs
* Fix stale IMA policy cache in verification
* Fix authentication behavior on failed attestations for push mode
* Add shared memory infrastructure for multiprocess communication
* Add agent authentication (challenge/response) protocol for push mode
* Add agent-driven (push) attestation protocol with PULL mode regression fixes (#1814)
* docs: Fix man page RST formatting for rst2man compatibility (#1813)
* Apply limit on keylime-policy workers
* tpm: fix ECC signature parsing to support variable-length coordinates
* tpm: fix ECC P-521 credential activation with consistent marshaling
* tpm: fix ECC P-521 coordinate validation
* Remove deprecated disabled_signing_algorithms configuration option (#1804)
* algorithms: add support for specific RSA algorithms
* algorithms: add support for specific ECC curve algorithms
* Created manpage for keylime-policy and edited manpages for keylime verifier, registrar, agent
* Manpage for keylime agent
* Manpage for keylime verifier
* Manpage for keylime registrar
* Use constants for timeout and max retries defaults
* verifier: Use timeout from `request_timeout` config option
* revocation_notifier: Use timeout setting from config file
* tenant: Set timeout when getting version from agent
* verify/evidence: SEV-SNP evidence type/verifier
* verify/evidence: Add evidence type to request JSON
- Version v7.13.0:
* Avoid re-encoding certificate stored in DB
* Revert "models: Do not re-encode certificate stored in DB"
* Revert "registrar_agent: Use pyasn1 to parse PEM"
* policy/sign: use print() when writing to /dev/stdout
* registrar_agent: Use pyasn1 to parse PEM
* models: Do not re-encode certificate stored in DB
* mba: normalize vendor_db in EV_EFI_VARIABLE_AUTHORITY events
* mb: support vendor_db as logged by newer shim versions
* mb: support EV_EFI_HANDOFF_TABLES events on PCR1
* Remove unnecessary configuration values
* cloud_verifier_tornado: handle exception in notify_error()
* requests_client: close the session at the end of the resource manager
* Manpage for keylime_tenant (#1786)
* Add 2.5 templates including Push Model changes
* Initial version of verify evidence API
* db: Do not read pool size and max overflow for sqlite
* Use context managers to close DB sessions
* revocations: Try to send notifications on shutdown
* verifier: Gracefully shutdown on signal
* Use `fork` as `multiprocessing` start method
* Fix inaccuracy in threat model and add reference to SBAT
* Explain TPM properties and expand vTPM discussion
* Fix invalid RST and update TOC
* Expand threat model page to include adversarial model
* Add --push-model option to avoid requests to agents
* templates: duplicate str_to_version() in the adjust script
* policy: fix mypy issues with rpm_repo
* revocation_notifier: fix mypy issue by replacing deprecated call
* Fix create_runtime_policy in python < 3.12
* Fix after review
* fixed CONSTANT names C0103 errors
* Extend meta_data field in verifierdb
* docs: update issue templates
* docs: add GitHub PR template with documentation reminders
* tpm_util: fix quote signature extraction for ECDSA
* registrar: Log API versions during startup
* Remove excessive logging on exception
* scripts: Fix coverage information downloading script
- Version v7.12.1:
* models: Add Base64Bytes type to read and write from the database
* Simplify response check from registrar
- Version v7.12.0:
* API: Add /version endpoint to registrar
* scripts: Download coverage data directly from Testing Farm
* docs: Add separate documentation for each API version
* scripts/create_runtime_policy.sh: fix path for the exclude list
* docs: add documentation for keylime-policy
* templates: Add the new agent.conf option 'api_versions'
* Enable autocompletion using argcomplete
* build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2
* Configure EPEL-10 repo in packit-ci.fmf
* build(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1
* build(deps): bump pypa/gh-action-pypi-publish from 1.12.0 to 1.12.3
* build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1
* build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0
* keylime-policy: improve error handling when provided a bad key (sign)
* keylime-policy: exit with status 1 when the commands failed
* keylime-policy: use Certificate() from models.base to validate certs
* keylime-policy: check for valid cert file when using x509 backend (sign)
* keylime-policy: fix help for "keylime-policy sign" verb
* tenant: Correctly log number of tries when deleting
* update TCTI environment variable usage
* build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2
* keylime-policy: add `create measured-boot' subcommand
* keylime-policy: add `sign runtime' subcommand
* keylime-policy: add logger to use with the policy tool
* installer.sh: Restore execution permission
* installer: Fix string comparison
* build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0
* build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0
* build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.0
* build(deps): bump actions/setup-python from 5.2.0 to 5.3.0
* installer.sh: updated EPEL, PEP668 Fix, logic fix
* build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0
* build(deps): bump actions/checkout from 4.2.1 to 4.2.2
* postgresql support for docker using psycopg2
* installer.sh: update package list, add workaround for PEP 668
* build(deps): bump actions/checkout from 4.2.0 to 4.2.1
* keylime.conf: full removal
* Drop pending SPDX-License-Identifier headers
* create_runtime_policy: Validate algorithm from IMA measurement log
* create-runtime-policy: Deal with SHA-256 and SM3_256 ambiguity
* create_runtime_policy: drop commment with test data
* create_runtime_policy: Use a common method to guess algorithm
* keylime-policy: rename tool to keylime-policy instead of keylime_policy
* keylime_policy: create runtime: remove --use-ima-measurement-list
* keylime_policy: use consistent arg names for create_runtime_policy
* build(deps): bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3
* build(deps): bump actions/checkout from 4.1.7 to 4.2.0
* elchecking/example: workaround empty PK, KEK, db and dbx
* elchecking: add handling for EV_EFI_PLATFORM_FIRMWARE_BLOB2
* create_runtime_policy: Fix log level for debug messages
* build(deps): bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2
* build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5
* pylintrc: Ignore too-many-positional-arguments check
* keylime/web/base/controller: Move TypeAlias definition out of class
* create_runtime_policy: Calculate digests in multiple threads
* create_runtime_policy: Allow rootfs to be in any directory
* keylime_policy: Calculate digests from each source separately
* create_runtime_policy: Simplify boot_aggregate parsing
* ima: Validate JSON when loading IMA Keyring from string
* docs: include IDevID page also in the sidebar
* docs: point to installation guide from RHEL and SLE Micro
* build(deps): bump actions/setup-python from 5.1.1 to 5.2.0
* build(deps): bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1
* change check_tpm_origin_check to a warning that does not prevent registration
* docs: Fix Runtime Policy JSON schema to reflect the reality
* Sets absolute path for files inside a rootfs dir
* policy/create_runtime_policy: fix handling of empty lines in exclude list
* keylime_policy: setting 'log_hash_alg' to 'sha1' (template-hash algo)
* codestyle: Assign CERTIFICATE_PRIVATE_KEY_TYPES directly (pyright)
* codestyle: convert bytearrays to bytes to get expected type (pyright)
* codestyle: Use new variables after changing datatype (pyright)
* cert_utils: add description why loading using cryptography might fail
* ima: list names of the runtime policies
* build(deps): bump docker/build-push-action from 6.6.1 to 6.7.0
* tox: Use python 3.10 instead of 3.6
* revocation_notifier: Use web_util to generate TLS context
* mba: Add a skip custom policies option when loading mba.
* build(deps): bump docker/build-push-action from 6.5.0 to 6.6.1
* build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1
* cmd/keylime_policy: add tool to handle keylime policies
* cert_utils: add is_x509_cert()
* common/algorithms: transform Encrypt and Sign class into enums
* common/algorithms: add method to calculate digest of a file
* build(deps): bump docker/build-push-action from 4.2.1 to 6.5.0
* build(deps): bump docker/login-action from 3.2.0 to 3.3.0
* build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1
* build(deps): bump docker/login-action from 3.2.0 to 3.3.0
* build(deps): bump docker/build-push-action from 6.4.1 to 6.5.0
* build(deps): bump docker/build-push-action from 4.2.1 to 6.4.1
* build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1
* build(deps): bump pre-commit/action from 3.0.0 to 3.0.1
* tpm: Replace KDFs and ECDH implementations with python-cryptography
* build(deps): bump codecov/codecov-action from 2.1.0 to 4.5.0
* build(deps): bump docker/login-action from 2.2.0 to 3.2.0
* build(deps): bump actions/setup-python from 2.3.4 to 5.1.1
* build(deps): bump actions/first-interaction
* build(deps): bump actions/checkout from 2.7.0 to 4.1.7
* revocation_notifier: Explicitly add CA certificate bundle
* Introduce new REST API framework and refactor registrar implementation
* mba: Support named measured boot policies
* tenant: add friendlier error message if mTLS CA is wrongly configured
* ca_impl_openssl: Mark extensions as critical following RFC 5280
* Include Authority Key Identifier in KL-generated certs
* verifier, tenant: make payload for agent completely optional
Patchnames
SUSE-SLES-16.0-104
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for keylime fixes the following issues:\n\nUpdate to version 7.13.0+40.\n\nSecurity issues fixed:\n\n- CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate\n UUIDs (bsc#1254199).\n- CVE-2025-1057: registrar denial-of-service due to backward incompatibility in database type handling (bsc#1237153).\n\nOther issues fixed and changes:\n\n- Version 7.13.0+40:\n * Include new attestation information fields (#1818)\n * Fix Database race conditions and SQLAlchemy 2.0 compatibility (#1823)\n * push-model: require HTTPS for authentication and attestation endpoints\n * Fix operational_state tracking in push mode attestations\n * templates: add push model authentication config options to 2.5 templates\n * Security: Hash authentication tokens in logs\n * Fix stale IMA policy cache in verification\n * Fix authentication behavior on failed attestations for push mode\n * Add shared memory infrastructure for multiprocess communication\n * Add agent authentication (challenge/response) protocol for push mode\n * Add agent-driven (push) attestation protocol with PULL mode regression fixes (#1814)\n * docs: Fix man page RST formatting for rst2man compatibility (#1813)\n * Apply limit on keylime-policy workers\n * tpm: fix ECC signature parsing to support variable-length coordinates\n * tpm: fix ECC P-521 credential activation with consistent marshaling\n * tpm: fix ECC P-521 coordinate validation\n * Remove deprecated disabled_signing_algorithms configuration option (#1804)\n * algorithms: add support for specific RSA algorithms\n * algorithms: add support for specific ECC curve algorithms\n * Created manpage for keylime-policy and edited manpages for keylime verifier, registrar, agent\n * Manpage for keylime agent\n * Manpage for keylime verifier\n * Manpage for keylime registrar\n * Use constants for timeout and max retries defaults\n * verifier: Use timeout from `request_timeout` config option\n * revocation_notifier: Use timeout setting from config file\n * tenant: Set timeout when getting version from agent\n * verify/evidence: SEV-SNP evidence type/verifier\n * verify/evidence: Add evidence type to request JSON\n\n- Version v7.13.0:\n * Avoid re-encoding certificate stored in DB\n * Revert \"models: Do not re-encode certificate stored in DB\"\n * Revert \"registrar_agent: Use pyasn1 to parse PEM\"\n * policy/sign: use print() when writing to /dev/stdout\n * registrar_agent: Use pyasn1 to parse PEM\n * models: Do not re-encode certificate stored in DB\n * mba: normalize vendor_db in EV_EFI_VARIABLE_AUTHORITY events\n * mb: support vendor_db as logged by newer shim versions\n * mb: support EV_EFI_HANDOFF_TABLES events on PCR1\n * Remove unnecessary configuration values\n * cloud_verifier_tornado: handle exception in notify_error()\n * requests_client: close the session at the end of the resource manager\n * Manpage for keylime_tenant (#1786)\n * Add 2.5 templates including Push Model changes\n * Initial version of verify evidence API\n * db: Do not read pool size and max overflow for sqlite\n * Use context managers to close DB sessions\n * revocations: Try to send notifications on shutdown\n * verifier: Gracefully shutdown on signal\n * Use `fork` as `multiprocessing` start method\n * Fix inaccuracy in threat model and add reference to SBAT\n * Explain TPM properties and expand vTPM discussion\n * Fix invalid RST and update TOC\n * Expand threat model page to include adversarial model\n * Add --push-model option to avoid requests to agents\n * templates: duplicate str_to_version() in the adjust script\n * policy: fix mypy issues with rpm_repo\n * revocation_notifier: fix mypy issue by replacing deprecated call\n * Fix create_runtime_policy in python \u003c 3.12\n * Fix after review\n * fixed CONSTANT names C0103 errors\n * Extend meta_data field in verifierdb\n * docs: update issue templates\n * docs: add GitHub PR template with documentation reminders\n * tpm_util: fix quote signature extraction for ECDSA\n * registrar: Log API versions during startup\n * Remove excessive logging on exception\n * scripts: Fix coverage information downloading script\n\n- Version v7.12.1:\n * models: Add Base64Bytes type to read and write from the database\n * Simplify response check from registrar\n\n- Version v7.12.0:\n * API: Add /version endpoint to registrar\n * scripts: Download coverage data directly from Testing Farm\n * docs: Add separate documentation for each API version\n * scripts/create_runtime_policy.sh: fix path for the exclude list\n * docs: add documentation for keylime-policy\n * templates: Add the new agent.conf option \u0027api_versions\u0027\n * Enable autocompletion using argcomplete\n * build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2\n * Configure EPEL-10 repo in packit-ci.fmf\n * build(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1\n * build(deps): bump pypa/gh-action-pypi-publish from 1.12.0 to 1.12.3\n * build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1\n * build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0\n * keylime-policy: improve error handling when provided a bad key (sign)\n * keylime-policy: exit with status 1 when the commands failed\n * keylime-policy: use Certificate() from models.base to validate certs\n * keylime-policy: check for valid cert file when using x509 backend (sign)\n * keylime-policy: fix help for \"keylime-policy sign\" verb\n * tenant: Correctly log number of tries when deleting\n * update TCTI environment variable usage\n * build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2\n * keylime-policy: add `create measured-boot\u0027 subcommand\n * keylime-policy: add `sign runtime\u0027 subcommand\n * keylime-policy: add logger to use with the policy tool\n * installer.sh: Restore execution permission\n * installer: Fix string comparison\n * build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0\n * build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0\n * build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.0\n * build(deps): bump actions/setup-python from 5.2.0 to 5.3.0\n * installer.sh: updated EPEL, PEP668 Fix, logic fix\n * build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0\n * build(deps): bump actions/checkout from 4.2.1 to 4.2.2\n * postgresql support for docker using psycopg2\n * installer.sh: update package list, add workaround for PEP 668\n * build(deps): bump actions/checkout from 4.2.0 to 4.2.1\n * keylime.conf: full removal\n * Drop pending SPDX-License-Identifier headers\n * create_runtime_policy: Validate algorithm from IMA measurement log\n * create-runtime-policy: Deal with SHA-256 and SM3_256 ambiguity\n * create_runtime_policy: drop commment with test data\n * create_runtime_policy: Use a common method to guess algorithm\n * keylime-policy: rename tool to keylime-policy instead of keylime_policy\n * keylime_policy: create runtime: remove --use-ima-measurement-list\n * keylime_policy: use consistent arg names for create_runtime_policy\n * build(deps): bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3\n * build(deps): bump actions/checkout from 4.1.7 to 4.2.0\n * elchecking/example: workaround empty PK, KEK, db and dbx\n * elchecking: add handling for EV_EFI_PLATFORM_FIRMWARE_BLOB2\n * create_runtime_policy: Fix log level for debug messages\n * build(deps): bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2\n * build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5\n * pylintrc: Ignore too-many-positional-arguments check\n * keylime/web/base/controller: Move TypeAlias definition out of class\n * create_runtime_policy: Calculate digests in multiple threads\n * create_runtime_policy: Allow rootfs to be in any directory\n * keylime_policy: Calculate digests from each source separately\n * create_runtime_policy: Simplify boot_aggregate parsing\n * ima: Validate JSON when loading IMA Keyring from string\n * docs: include IDevID page also in the sidebar\n * docs: point to installation guide from RHEL and SLE Micro\n * build(deps): bump actions/setup-python from 5.1.1 to 5.2.0\n * build(deps): bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1\n * change check_tpm_origin_check to a warning that does not prevent registration\n * docs: Fix Runtime Policy JSON schema to reflect the reality\n * Sets absolute path for files inside a rootfs dir\n * policy/create_runtime_policy: fix handling of empty lines in exclude list\n * keylime_policy: setting \u0027log_hash_alg\u0027 to \u0027sha1\u0027 (template-hash algo)\n * codestyle: Assign CERTIFICATE_PRIVATE_KEY_TYPES directly (pyright)\n * codestyle: convert bytearrays to bytes to get expected type (pyright)\n * codestyle: Use new variables after changing datatype (pyright)\n * cert_utils: add description why loading using cryptography might fail\n * ima: list names of the runtime policies\n * build(deps): bump docker/build-push-action from 6.6.1 to 6.7.0\n * tox: Use python 3.10 instead of 3.6\n * revocation_notifier: Use web_util to generate TLS context\n * mba: Add a skip custom policies option when loading mba.\n * build(deps): bump docker/build-push-action from 6.5.0 to 6.6.1\n * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1\n * cmd/keylime_policy: add tool to handle keylime policies\n * cert_utils: add is_x509_cert()\n * common/algorithms: transform Encrypt and Sign class into enums\n * common/algorithms: add method to calculate digest of a file\n * build(deps): bump docker/build-push-action from 4.2.1 to 6.5.0\n * build(deps): bump docker/login-action from 3.2.0 to 3.3.0\n * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1\n * build(deps): bump docker/login-action from 3.2.0 to 3.3.0\n * build(deps): bump docker/build-push-action from 6.4.1 to 6.5.0\n * build(deps): bump docker/build-push-action from 4.2.1 to 6.4.1\n * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1\n * build(deps): bump pre-commit/action from 3.0.0 to 3.0.1\n * tpm: Replace KDFs and ECDH implementations with python-cryptography\n * build(deps): bump codecov/codecov-action from 2.1.0 to 4.5.0\n * build(deps): bump docker/login-action from 2.2.0 to 3.2.0\n * build(deps): bump actions/setup-python from 2.3.4 to 5.1.1\n * build(deps): bump actions/first-interaction\n * build(deps): bump actions/checkout from 2.7.0 to 4.1.7\n * revocation_notifier: Explicitly add CA certificate bundle\n * Introduce new REST API framework and refactor registrar implementation\n * mba: Support named measured boot policies\n * tenant: add friendlier error message if mTLS CA is wrongly configured\n * ca_impl_openssl: Mark extensions as critical following RFC 5280\n * Include Authority Key Identifier in KL-generated certs\n * verifier, tenant: make payload for agent completely optional\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-104",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21194-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21194-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521194-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21194-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023547.html"
},
{
"category": "self",
"summary": "SUSE Bug 1237153",
"url": "https://bugzilla.suse.com/1237153"
},
{
"category": "self",
"summary": "SUSE Bug 1254199",
"url": "https://bugzilla.suse.com/1254199"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13609 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13609/"
}
],
"title": "Security update for keylime",
"tracking": {
"current_release_date": "2025-12-12T09:45:03Z",
"generator": {
"date": "2025-12-12T09:45:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21194-1",
"initial_release_date": "2025-12-12T09:45:03Z",
"revision_history": [
{
"date": "2025-12-12T09:45:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-config-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-config-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-firewalld-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-logrotate-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-registrar-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-registrar-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-tenant-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-tenant-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "keylime-verifier-7.13.0+40-160000.1.1.noarch",
"product_id": "keylime-verifier-7.13.0+40-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.13.0+40-160000.1.1.noarch",
"product": {
"name": "python313-keylime-7.13.0+40-160000.1.1.noarch",
"product_id": "python313-keylime-7.13.0+40-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-config-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-config-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-registrar-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-tenant-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-verifier-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "python313-keylime-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-config-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-registrar-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-tenant-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "keylime-verifier-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.13.0+40-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
},
"product_reference": "python313-keylime-7.13.0+40-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1057"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1057",
"url": "https://www.suse.com/security/cve/CVE-2025-1057"
},
{
"category": "external",
"summary": "SUSE Bug 1237153 for CVE-2025-1057",
"url": "https://bugzilla.suse.com/1237153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-12T09:45:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-1057"
},
{
"cve": "CVE-2025-13609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13609"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13609",
"url": "https://www.suse.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "SUSE Bug 1254199 for CVE-2025-13609",
"url": "https://bugzilla.suse.com/1254199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.13.0+40-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.13.0+40-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-12T09:45:03Z",
"details": "critical"
}
],
"title": "CVE-2025-13609"
}
]
}
OPENSUSE-SU-2025:15811-1
Vulnerability from csaf_opensuse - Published: 2025-12-10 00:00 - Updated: 2025-12-10 00:00Summary
keylime-config-7.13.0+40-1.1 on GA media
Notes
Title of the patch
keylime-config-7.13.0+40-1.1 on GA media
Description of the patch
These are all security issues fixed in the keylime-config-7.13.0+40-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15811
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "keylime-config-7.13.0+40-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the keylime-config-7.13.0+40-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15811",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15811-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13609 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13609/"
}
],
"title": "keylime-config-7.13.0+40-1.1 on GA media",
"tracking": {
"current_release_date": "2025-12-10T00:00:00Z",
"generator": {
"date": "2025-12-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15811-1",
"initial_release_date": "2025-12-10T00:00:00Z",
"revision_history": [
{
"date": "2025-12-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-config-7.13.0+40-1.1.aarch64",
"product_id": "keylime-config-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-firewalld-7.13.0+40-1.1.aarch64",
"product_id": "keylime-firewalld-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-logrotate-7.13.0+40-1.1.aarch64",
"product_id": "keylime-logrotate-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-registrar-7.13.0+40-1.1.aarch64",
"product_id": "keylime-registrar-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-tenant-7.13.0+40-1.1.aarch64",
"product_id": "keylime-tenant-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.aarch64",
"product_id": "keylime-tpm_cert_store-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.13.0+40-1.1.aarch64",
"product": {
"name": "keylime-verifier-7.13.0+40-1.1.aarch64",
"product_id": "keylime-verifier-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.13.0+40-1.1.aarch64",
"product": {
"name": "python311-keylime-7.13.0+40-1.1.aarch64",
"product_id": "python311-keylime-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-keylime-7.13.0+40-1.1.aarch64",
"product": {
"name": "python312-keylime-7.13.0+40-1.1.aarch64",
"product_id": "python312-keylime-7.13.0+40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.13.0+40-1.1.aarch64",
"product": {
"name": "python313-keylime-7.13.0+40-1.1.aarch64",
"product_id": "python313-keylime-7.13.0+40-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-config-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-config-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-firewalld-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-firewalld-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-logrotate-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-logrotate-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-registrar-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-registrar-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-tenant-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-tenant-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.13.0+40-1.1.ppc64le",
"product": {
"name": "keylime-verifier-7.13.0+40-1.1.ppc64le",
"product_id": "keylime-verifier-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.13.0+40-1.1.ppc64le",
"product": {
"name": "python311-keylime-7.13.0+40-1.1.ppc64le",
"product_id": "python311-keylime-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-keylime-7.13.0+40-1.1.ppc64le",
"product": {
"name": "python312-keylime-7.13.0+40-1.1.ppc64le",
"product_id": "python312-keylime-7.13.0+40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.13.0+40-1.1.ppc64le",
"product": {
"name": "python313-keylime-7.13.0+40-1.1.ppc64le",
"product_id": "python313-keylime-7.13.0+40-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-config-7.13.0+40-1.1.s390x",
"product_id": "keylime-config-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-firewalld-7.13.0+40-1.1.s390x",
"product_id": "keylime-firewalld-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-logrotate-7.13.0+40-1.1.s390x",
"product_id": "keylime-logrotate-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-registrar-7.13.0+40-1.1.s390x",
"product_id": "keylime-registrar-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-tenant-7.13.0+40-1.1.s390x",
"product_id": "keylime-tenant-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.s390x",
"product_id": "keylime-tpm_cert_store-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.13.0+40-1.1.s390x",
"product": {
"name": "keylime-verifier-7.13.0+40-1.1.s390x",
"product_id": "keylime-verifier-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.13.0+40-1.1.s390x",
"product": {
"name": "python311-keylime-7.13.0+40-1.1.s390x",
"product_id": "python311-keylime-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-keylime-7.13.0+40-1.1.s390x",
"product": {
"name": "python312-keylime-7.13.0+40-1.1.s390x",
"product_id": "python312-keylime-7.13.0+40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.13.0+40-1.1.s390x",
"product": {
"name": "python313-keylime-7.13.0+40-1.1.s390x",
"product_id": "python313-keylime-7.13.0+40-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-config-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-config-7.13.0+40-1.1.x86_64",
"product_id": "keylime-config-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-firewalld-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-firewalld-7.13.0+40-1.1.x86_64",
"product_id": "keylime-firewalld-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-logrotate-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-logrotate-7.13.0+40-1.1.x86_64",
"product_id": "keylime-logrotate-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-registrar-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-registrar-7.13.0+40-1.1.x86_64",
"product_id": "keylime-registrar-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-tenant-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-tenant-7.13.0+40-1.1.x86_64",
"product_id": "keylime-tenant-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.x86_64",
"product_id": "keylime-tpm_cert_store-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "keylime-verifier-7.13.0+40-1.1.x86_64",
"product": {
"name": "keylime-verifier-7.13.0+40-1.1.x86_64",
"product_id": "keylime-verifier-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-keylime-7.13.0+40-1.1.x86_64",
"product": {
"name": "python311-keylime-7.13.0+40-1.1.x86_64",
"product_id": "python311-keylime-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-keylime-7.13.0+40-1.1.x86_64",
"product": {
"name": "python312-keylime-7.13.0+40-1.1.x86_64",
"product_id": "python312-keylime-7.13.0+40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-keylime-7.13.0+40-1.1.x86_64",
"product": {
"name": "python313-keylime-7.13.0+40-1.1.x86_64",
"product_id": "python313-keylime-7.13.0+40-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-config-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-config-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-config-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-config-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-config-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-firewalld-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-firewalld-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-firewalld-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-firewalld-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-firewalld-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-logrotate-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-logrotate-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-logrotate-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-logrotate-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-logrotate-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-registrar-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-registrar-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-registrar-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-registrar-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-registrar-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-tenant-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-tenant-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-tenant-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tenant-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-tenant-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-tpm_cert_store-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-tpm_cert_store-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-tpm_cert_store-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-tpm_cert_store-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.aarch64"
},
"product_reference": "keylime-verifier-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.ppc64le"
},
"product_reference": "keylime-verifier-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.s390x"
},
"product_reference": "keylime-verifier-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-verifier-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.x86_64"
},
"product_reference": "keylime-verifier-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.aarch64"
},
"product_reference": "python311-keylime-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.ppc64le"
},
"product_reference": "python311-keylime-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.s390x"
},
"product_reference": "python311-keylime-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-keylime-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.x86_64"
},
"product_reference": "python311-keylime-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-keylime-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.aarch64"
},
"product_reference": "python312-keylime-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-keylime-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.ppc64le"
},
"product_reference": "python312-keylime-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-keylime-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.s390x"
},
"product_reference": "python312-keylime-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-keylime-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.x86_64"
},
"product_reference": "python312-keylime-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.13.0+40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.aarch64"
},
"product_reference": "python313-keylime-7.13.0+40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.13.0+40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.ppc64le"
},
"product_reference": "python313-keylime-7.13.0+40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.13.0+40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.s390x"
},
"product_reference": "python313-keylime-7.13.0+40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-keylime-7.13.0+40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.x86_64"
},
"product_reference": "python313-keylime-7.13.0+40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13609"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13609",
"url": "https://www.suse.com/security/cve/CVE-2025-13609"
},
{
"category": "external",
"summary": "SUSE Bug 1254199 for CVE-2025-13609",
"url": "https://bugzilla.suse.com/1254199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-config-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-firewalld-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-logrotate-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-registrar-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-tenant-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-tpm_cert_store-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:keylime-verifier-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python311-keylime-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python312-keylime-7.13.0+40-1.1.x86_64",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.aarch64",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.ppc64le",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.s390x",
"openSUSE Tumbleweed:python313-keylime-7.13.0+40-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-10T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-13609"
}
]
}
GHSA-XH5W-G8GQ-R3V9
Vulnerability from github – Published: 2025-11-24 18:31 – Updated: 2025-12-22 12:30
VLAI?
Summary
Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
Details
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Severity ?
8.2 (High)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "keylime"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-13609"
],
"database_specific": {
"cwe_ids": [
"CWE-694"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-26T19:32:37Z",
"nvd_published_at": "2025-11-24T18:15:49Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
"id": "GHSA-xh5w-g8gq-r3v9",
"modified": "2025-12-22T12:30:20Z",
"published": "2025-11-24T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
},
{
"type": "WEB",
"url": "https://github.com/keylime/keylime/pull/1785"
},
{
"type": "WEB",
"url": "https://github.com/keylime/keylime/commit/e1ae8de1f7b1385eaeec66572a92ff1338e6e157"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23201"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23210"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23628"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23735"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23852"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-13609"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
},
{
"type": "PACKAGE",
"url": "https://github.com/keylime/keylime"
},
{
"type": "WEB",
"url": "https://github.com/keylime/keylime/releases/tag/v7.13.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices"
}
WID-SEC-W-2025-2849
Vulnerability from csaf_certbund - Published: 2025-12-15 23:00 - Updated: 2025-12-21 23:00Summary
Red Hat Enterprise Linux (Keylime): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen und sich als der kompromittierte Agent auszugeben.
Betroffene Betriebssysteme
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen und sich als der kompromittierte Agent auszugeben.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2849 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2849.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2849 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2849"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23201"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23210 vom 2025-12-17",
"url": "https://errata.build.resf.org/RLSA-2025:23210"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23210 vom 2025-12-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-23210.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23210 vom 2025-12-16",
"url": "https://access.redhat.com/errata/RHSA-2025:23210"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23201 vom 2025-12-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-23201.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23201 vom 2025-12-18",
"url": "https://errata.build.resf.org/RLSA-2025:23201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23628 vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:23628"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23735 vom 2025-12-22",
"url": "https://access.redhat.com/errata/RHSA-2025:23735"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Keylime): Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-12-21T23:00:00.000+00:00",
"generator": {
"date": "2025-12-22T08:55:32.055+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2849",
"initial_release_date": "2025-12-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10",
"product": {
"name": "Red Hat Enterprise Linux 10",
"product_id": "T049439",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13609",
"product_status": {
"known_affected": [
"T049439",
"67646",
"T004914",
"T032255"
]
},
"release_date": "2025-12-15T23:00:00.000+00:00",
"title": "CVE-2025-13609"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…