CVE-2025-13609— Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-13609
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用多个具有重复标识的资源
Source: NVD (National Vulnerability Database)
Vulnerability Title
Keylime 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Keylime是Keylime开源的一个利用 TPM 技术的开源可扩展信任系统。 Keylime存在安全漏洞,该漏洞源于攻击者可注册新代理并覆盖合法代理身份,可能导致绕过安全控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Keylime Project | keylime | 0 ~ 7.14.0 | - | |
| Red Hat | Red Hat Enterprise Linux 10 | 0:7.12.1-11.el10_1.3 ~ * | cpe:/o:redhat:enterprise_linux:10.1 | |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:7.12.1-2.el10_0.4 ~ * | cpe:/o:redhat:enterprise_linux_eus:10.0 | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:7.12.1-11.el9_7.3 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream | |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:6.5.2-6.el9_2.1 ~ * | cpe:/a:redhat:rhel_e4s:9.2::appstream | |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:7.3.0-13.el9_4.1 ~ * | cpe:/a:redhat:rhel_eus:9.4::appstream | |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:7.3.0-15.el9_6.1 ~ * | cpe:/a:redhat:rhel_eus:9.6::appstream |
II. Public POCs for CVE-2025-13609
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-13609
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-694
- CVE-2026-5794
Vulnerability in Cryptobox allows an authenticated user to t - CVE-2024-41146
Gallagher Controller 6000和Gallagher Controller 7000 安全漏洞 - CVE-2022-23721
PingID integration for Windows login duplicate username coll - CVE-2023-20100
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Jo - CVE-2021-3436
BT: Possible to overwrite an existing bond during keys distr
V. Comments for CVE-2025-13609
No comments yet