{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70887", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T19:43:12.486Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:55:32.212Z"}, "descriptions": [{"lang": "en", "value": "An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ralphje/signify/issues/60"}, {"url": "https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8"}, {"url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.11"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:41:52.414592Z", "id": "CVE-2025-70887", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:43:12.486Z"}}]}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ralphje:signify:*:*:*:*:*:python:*:*", "matchCriteriaId": "2709D8CE-57FF-434F-81BE-D5F6C26A4AD5", "versionEndExcluding": "0.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components"}, {"lang": "es", "value": "Un problema en ralphje Signify antes de la v.0.9.2 permite a un atacante remoto escalar privilegios a trav\u00e9s de los componentes signed_data.py y context.py"}], "id": "CVE-2025-70887", "lastModified": "2026-04-01T13:59:07.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T19:16:28.130", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.11"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/ralphje/signify/issues/60"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.9.2)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "signify", "vendor": "ralphje"}], "analysis": {"en": {"generated_at": "2026-04-02T04:18:01.722003+00:00", "value": {"mitigation_remediation": ["Upgrade Signify to version 0.9.2 or later", "If an immediate upgrade is not feasible, restrict or isolate access to the signed_data.py and context.py modules to prevent exploitation", "Monitor logs for any anomalies related to signed data handling and investigate promptly"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation (Remote)"}, "threat_synthesis": {"affected_systems": "The affected product is Signify, distributed under the Python package ralphje:signify. All versions before 0.9.2 are vulnerable; no other vendors or product versions are listed.", "description_and_impact": "The vulnerability resides in the Python implementation of Signify, affecting all releases prior to version 0.9.2. A remote attacker can manipulate the signed_data.py and context.py modules to perform a privilege escalation, which aligns with the CWE\u2011269 classification. By altering signed data handling, the attacker may obtain elevated permissions within the system, potentially allowing them to execute arbitrary code with higher privileges.", "risk_and_exploitability": "The vulnerability is scored highly with a CVSS value of 8.8, indicating significant potential impact. Exploit likelihood appears low, and it is not currently recorded as a known exploited vulnerability in the public catalog. The flaw is likely triggered by a remote actor who can provide crafted signed data to the vulnerable components, enabling the privilege escalation path described above."}}}}, "created": "2026-03-25T20:56:56.436992+00:00", "updated": "2026-04-02T07:59:18.716450+00:00", "vendors": ["ralphje", "ralphje$PRODUCT$signify"]}