{"uuid": "31427b37-701f-4a52-bfdd-2183ab6e4955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2885", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9231", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2885\n\ud83d\udd25 CVSS Score: 5.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the previously trusted root metadata. As a result, tough could trust content associated with a previous root role. The tough client will trust an unexpected root role in the event that an actor with control of the storage medium of a trusted TUF repository inappropriately replaced the contents of one of the root metadata files with an adequately signed previous version. As a result, tough could trust content associated with a previous root role.\n\ud83d\udccf Published: 2025-03-27T22:18:11.727Z\n\ud83d\udccf Modified: 2025-03-27T22:18:11.727Z\n\ud83d\udd17 References:\n1. https://github.com/awslabs/tough/security/advisories/GHSA-5vmp-m5v2-hx47\n2. https://aws.amazon.com/security/security-bulletins/AWS-2025-007/", "creation_timestamp": "2025-03-27T22:36:39.000000Z"}