CVE-2025-0509

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0509

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0509.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0509

Aliases

GHSA-wc9m-r3v6-9p5h

Related

UBUNTU-CVE-2025-0509

Published

2025-02-04T20:15:49Z

Modified

2025-02-18T02:00:09.156097Z

Summary

[none]

Details

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.

References

Affected packages

Git / github.com/sparkle-project/sparkle

Affected ranges

Type: GIT
Repo: https://github.com/sparkle-project/sparkle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0ef1ee0220239b3776f433314515fd849025673f

Affected versions

1.*

1.10.0

1.10.0rc1

1.11.0

1.11.0rc1

1.11.0rc2

1.11.1

1.12.0

1.12.0a1

1.12.0a2

1.12.0a3

1.12.0b1

1.13.0

1.13.1

1.13.1-mistagged

1.14.0

1.14.0rc1

1.14.0rc2

1.14.0rc3

1.15.0

1.15.0b1

1.15.0b2

1.15.0b3

1.15.1

1.16.0

1.16.0a1

1.16.0a2

1.16.0b1

1.17.0

1.17.0a1

1.17.0b1

1.18.0

1.18.0a1

1.18.0b2

1.18.1

1.19.0

1.19.0rc1

1.19.0rc2

1.19.1a1

1.19.1rc1

1.20.0

1.20.0b1

1.6.0

1.6.1

1.7.0

1.7.1

1.8.0

1.9.0

1.9.0rc1

2.*

2.0.0

2.0.0-beta.1

2.0.0-beta.2

2.0.0-beta.3

2.0.0-beta.4

2.0.0-beta.5

2.0.0-beta.6

2.0.0-rc.1

2.1.0

2.1.0-beta.1

2.1.0-beta.2

2.2.0

2.2.0-beta.1

2.2.0-beta.2

2.2.1

2.3.0

2.3.0-beta.1

2.3.0-beta.2

2.4.0

2.4.0-beta.1

2.4.0-beta.2

2.4.1

2.4.1-beta.1

2.4.2

2.5.0

2.5.0-beta.1

2.5.0-beta.2

2.5.1

2.5.2

2.6.0

2.6.0-beta.1

2.6.0-beta.2

2.6.1

2.6.2

2.6.3

sparkle-1.*

sparkle-1.5b1

sparkle-1.5b2

sparkle-1.5b3

sparkle-1.5b4

sparkle-1.5b5

sparkle-1.5b6