Security Vulnerability in Raspberry Pi Imager for Windows
CVE-2025-60892

Currently unrated

Key Information:

Vendor: Raspberry Pi Foundation
Status: Raspberry Pi Imager
Vendor: CVE Published:; 3 November 2025

🔔 Create Raspberry Pi Foundation Vulnerability Alert

What is CVE-2025-60892?

A vulnerability in Raspberry Pi Imager version 1.9.6 for Windows exposes users to security risks related to its OS customization feature. The application improperly handles the 'public-key authentication' setting, which causes it to erroneously restore a user's ssh public key (id_rsa.pub) to the authorized_keys file on the Raspberry Pi, despite explicit removal attempts from the user interface. This flaw can potentially enable an attacker to log into the device using unintended access without the user's consent.

References

https://github.com/raspberrypi/rpi-imager/issues/1185

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2025
Vulnerability Reserved
Sep 26, 2025

JSON