Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
Summary
| CVE | CVE-2025-13609 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-11-24 18:15:49 UTC |
| Updated | 2026-06-25 02:16:34 UTC |
| Description | A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls. |
Risk And Classification
Primary CVSS: v3.1, 8.2 HIGH, from [email protected]
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
EPSS: 0.003800000 probability, percentile 0.297790000 (date 2026-06-25)
Problem Types: CWE-694 Use of Multiple Resources with Duplicate Identifier
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L |
| 3.1 | CNA | CVSS | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | High |
| Availability | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Keylime Project | Keylime | affected 7.14.0 semver | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 10 | unaffected 0:7.12.1-11.el10_1.3 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | unaffected 0:7.12.1-2.el10_0.4 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:7.12.1-11.el9_7.3 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9.2 Update Services For SAP Solutions | unaffected 0:6.5.2-6.el9_2.1 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | unaffected 0:7.3.0-13.el9_4.1 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | unaffected 0:7.3.0-15.el9_6.1 * rpm | Not specified |
| CNA | Red Hat | Red Hat In-Vehicle Operating System 1 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/errata/RHSA-2025:23735 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:23201 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:23628 | [email protected] | access.redhat.com | |
| access.redhat.com/security/cve/CVE-2025-13609 | [email protected] | access.redhat.com | |
| github.com/keylime/keylime/issues/1820 | [email protected] | github.com | |
| access.redhat.com/errata/RHSA-2026:0429 | [email protected] | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | [email protected] | bugzilla.redhat.com | |
| access.redhat.com/errata/RHSA-2025:23852 | [email protected] | access.redhat.com | |
| access.redhat.com/errata/RHSA-2025:23210 | [email protected] | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2025-11-24T14:53:54.188Z | Reported to Red Hat. |
| CNA | 2025-11-24T16:00:06.761Z | Made public. |
Workarounds
CNA: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
There are currently no legacy QID mappings associated with this CVE.