Description

A vulnerability has been identified in Keylime: an attacker can register a new agent using a different Trusted Platform Module (TPM) device while claiming an existing agent's unique identifier (UUID). This overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

PUBLISHED Reserved 2025-11-24 | Published 2025-11-24 | Updated 2025-11-24 | Assigner redhat




HIGH: 8.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

Problem types

Use of Multiple Resources with Duplicate Identifier

Product status

Default status
affected

Default status
affected

Timeline

2025-11-24: Reported to Red Hat.
2025-11-24: Made public.

References

access.redhat.com/security/cve/CVE-2025-13609 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2416761 (RHBZ#2416761) issue-tracking

cve.org (CVE-2025-13609)

nvd.nist.gov (CVE-2025-13609)