Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zx65-nc6s-8yf9

Summary gnupg: verification DoS due to a malicious subkey in the keyring

Aliases

alias	CVE-2025-30258

Fixed_packages

url	pkg:deb/debian/gnupg2@2.2.46-5?distro=trixie
purl	pkg:deb/debian/gnupg2@2.2.46-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.46-5%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1

purl pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.7-21%252Bdeb13u1

url pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.7-21%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie

purl pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.9-4%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2

purl pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.27-2%252Bdeb11u2

url pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.27-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2

purl pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.40-1.1%252Bdeb12u2

url pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.40-1.1%252Bdeb12u2%3Fdistro=trixie

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30258.json

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-30258

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.06686
published_at	2026-04-02T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0673
published_at	2026-04-04T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06714
published_at	2026-04-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06765
published_at	2026-04-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06798
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06797
published_at	2026-04-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0679
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06784
published_at	2026-04-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06715
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06705
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07635
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-30258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

reference_id

000491.html

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:49:18Z/

url

https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100990
reference_id	1100990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2353427
reference_id	2353427
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2353427

reference_url

https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158

reference_id

rG48978ccb4e20866472ef18436a32744350a65158

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:49:18Z/

url

https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158

reference_url

https://dev.gnupg.org/T7527

reference_id

T7527

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:49:18Z/

url

https://dev.gnupg.org/T7527

reference_url	https://usn.ubuntu.com/7412-1/
reference_id	USN-7412-1
reference_type
scores
url	https://usn.ubuntu.com/7412-1/

reference_url	https://usn.ubuntu.com/7412-3/
reference_id	USN-7412-3
reference_type
scores
url	https://usn.ubuntu.com/7412-3/

Weaknesses

cwe_id	754
name	Improper Check for Unusual or Exceptional Conditions
description	The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Exploits

Severity_range_score 2.7 - 2.7

Exploitability 0.5

Weighted_severity 2.4

Risk_score 1.2

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zx65-nc6s-8yf9

Vulnerability Instance