{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70887", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T19:43:12.486Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:55:32.212Z"}, "descriptions": [{"lang": "en", "value": "An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ralphje/signify/issues/60"}, {"url": "https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8"}, {"url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.11"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:41:52.414592Z", "id": "CVE-2025-70887", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:43:12.486Z"}}]}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components"}, {"lang": "es", "value": "Un problema en ralphje Signify antes de la v.0.9.2 permite a un atacante remoto escalar privilegios a trav\u00e9s de los componentes signed_data.py y context.py"}], "id": "CVE-2025-70887", "lastModified": "2026-03-27T20:16:24.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T19:16:28.130", "references": [{"source": "[email protected]", "url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"source": "[email protected]", "url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"source": "[email protected]", "url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.11"}, {"source": "[email protected]", "url": "https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8"}, {"source": "[email protected]", "url": "https://github.com/ralphje/signify/issues/60"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.9.2)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "signify", "vendor": "ralphje"}], "analysis": {"en": {"generated_at": "2026-03-27T10:29:41.077023+00:00", "value": {"mitigation_remediation": ["Upgrade to Signify version 0.9.2 or later.", "Verify that the new version includes the patch by checking release notes or official repository.", "If an upgrade is not immediately feasible, restrict the execution of signed_data.py and context.py to trusted users only, and block untrusted input sources.", "Monitor logs for attempts to execute signed modules with elevated privileges."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "This vulnerability affects all installations of ralphje Signify running a version older than 0.9.2. The affected product is the Signify signing tool, known for verifying signatures in various contexts. There are no additional vendor or product surfaces documented beyond the Signify repository and its users. Users employing older Signify binaries should verify the installed version and upgrade accordingly.", "description_and_impact": "An identified flaw in ralphje Signify, present in all releases before version 0.9.2, permits an attacker with remote access to insert crafted data that is processed by the signed_data.py and context.py modules. The vulnerability allows the attacker to bypass the intended permission checks and gain elevated privileges on the host. This is a clear privilege escalation issue that could enable full control over the affected system. The weakness can be classified under improper access control or bypass of authorization mechanisms.", "risk_and_exploitability": "The CVSS severity is not provided, but the EPSS score is below 1%, indicating a currently low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely abused. Nevertheless, the ability to raise privileges remotely is a high\u2011impact outcome, and the attack path does not require local access, making it potentially dangerous if the tool is exposed to untrusted inputs. Administrators should treat this as a high\u2011severity issue and remediate quickly."}}}}, "created": "2026-03-25T20:56:56.436992+00:00", "title": "Privilege Escalation via Signed Data Validation in Signify", "updated": "2026-03-27T15:48:06.850828+00:00", "vendors": ["ralphje", "ralphje$PRODUCT$signify"], "weaknesses": ["CWE-284"]}