{"api_version":"1","generated_at":"2026-06-25T17:31:25+00:00","cve":"CVE-2025-13609","urls":{"html":"https://cve.report/CVE-2025-13609","api":"https://cve.report/api/cve/CVE-2025-13609.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-13609","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-13609"},"summary":{"title":"Keylime: keylime: registrar allows identity takeover via duplicate uuid registration","description":"A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-11-24 18:15:49","updated_at":"2026-06-25 02:16:34"},"problem_types":["CWE-694","CWE-694 Use of Multiple Resources with Duplicate Identifier"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:23735","name":"https://access.redhat.com/errata/RHSA-2025:23735","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23201","name":"https://access.redhat.com/errata/RHSA-2025:23201","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23628","name":"https://access.redhat.com/errata/RHSA-2025:23628","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-13609","name":"https://access.redhat.com/security/cve/CVE-2025-13609","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/keylime/keylime/issues/1820","name":"https://github.com/keylime/keylime/issues/1820","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0429","name":"https://access.redhat.com/errata/RHSA-2026:0429","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416761","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2416761","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23852","name":"https://access.redhat.com/errata/RHSA-2025:23852","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23210","name":"https://access.redhat.com/errata/RHSA-2025:23210","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-13609","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13609","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Keylime Project","product":"keylime","version":"affected 7.14.0 semver","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:7.12.1-11.el10_1.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","version":"unaffected 0:7.12.1-2.el10_0.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:7.12.1-11.el9_7.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","version":"unaffected 0:6.5.2-6.el9_2.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:7.3.0-13.el9_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","version":"unaffected 0:7.3.0-15.el9_6.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat In-Vehicle Operating System 1","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-11-24T14:53:54.188Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-11-24T16:00:06.761Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-13609","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-11-24T19:00:14.018523Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-11-24T19:00:31.365Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://github.com/keylime/keylime","defaultStatus":"unaffected","packageName":"keylime","product":"keylime","vendor":"Keylime Project","versions":[{"lessThan":"7.14.0","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"defaultStatus":"affected","packageName":"keylime","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.12.1-11.el10_1.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","packageName":"keylime","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.12.1-2.el10_0.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","packageName":"keylime","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.12.1-11.el9_7.3","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","packageName":"keylime","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.5.2-6.el9_2.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","packageName":"keylime","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.3.0-13.el9_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","packageName":"keylime","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.3.0-15.el9_6.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhivos:1"],"defaultStatus":"unaffected","packageName":"keylime","product":"Red Hat In-Vehicle Operating System 1","vendor":"Red Hat"}],"datePublic":"2025-11-24T16:00:06.761Z","descriptions":[{"lang":"en","value":"A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-694","description":"Use of Multiple Resources with Duplicate Identifier","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-25T01:41:15.698Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:23201","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23201"},{"name":"RHSA-2025:23210","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23210"},{"name":"RHSA-2025:23628","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23628"},{"name":"RHSA-2025:23735","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23735"},{"name":"RHSA-2025:23852","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23852"},{"name":"RHSA-2026:0429","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0429"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-13609"},{"name":"RHBZ#2416761","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416761"},{"url":"https://github.com/keylime/keylime/issues/1820"}],"timeline":[{"lang":"en","time":"2025-11-24T14:53:54.188Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-11-24T16:00:06.761Z","value":"Made public."}],"title":"Keylime: keylime: registrar allows identity takeover via duplicate uuid registration","workarounds":[{"lang":"en","value":"Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-694: Use of Multiple Resources with Duplicate Identifier"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-13609","datePublished":"2025-11-24T18:08:56.048Z","dateReserved":"2025-11-24T15:47:12.935Z","dateUpdated":"2026-06-25T01:41:15.698Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-11-24 18:15:49","lastModifiedDate":"2026-06-25 02:16:34","problem_types":["CWE-694","CWE-694 Use of Multiple Resources with Duplicate Identifier"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-24T19:00:14.018523Z","id":"CVE-2025-13609","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"13609","Ordinal":"1","Title":"Keylime: keylime: registrar allows identity takeover via duplica","CVE":"CVE-2025-13609","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"13609","Ordinal":"1","NoteData":"A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.","Type":"Description","Title":"Keylime: keylime: registrar allows identity takeover via duplica"}]}}}