Security Vulnerability in Raspberry Pi Imager for Windows
CVE-2025-60892

6.8MEDIUM

Key Information:

Vendor: Raspberry Pi Foundation
Status: Raspberry Pi Imager
Vendor: CVE Published:; 3 November 2025

🔔 Create Raspberry Pi Foundation Vulnerability Alert

What is CVE-2025-60892?

A vulnerability in Raspberry Pi Imager version 1.9.6 for Windows exposes users to security risks related to its OS customization feature. The application improperly handles the 'public-key authentication' setting, which causes it to erroneously restore a user's ssh public key (id_rsa.pub) to the authorized_keys file on the Raspberry Pi, despite explicit removal attempts from the user interface. This flaw can potentially enable an attacker to log into the device using unintended access without the user's consent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/raspberrypi/rpi-imager/issues/1185

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2025
Vulnerability Reserved
Sep 26, 2025

JSON

Raspberry Pi Foundation

What is CVE-2025-60892?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.