Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Published: Mar 19, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-30258
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

CWEs:

CWE-754

Affected Software
References

Software	From	Fixed in
gnupg / gnupg	-	2.4.8
gnupg / gnupg	2.5.0	2.5.5

https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
https://dev.gnupg.org/T7527
https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo