Authentication Bypass in Trustee Project by Confidential Containers
CVE-2025-61779

8.7HIGH

Key Information:

Vendor

Confidential-containers

Status
Trustee
Vendor
CVE Published:
9 October 2025

What is CVE-2025-61779?

The Trustee project, developed by Confidential Containers, includes essential tools for attesting confidential guest environments. In versions prior to 0.15.0, a significant security oversight was identified where the attestation-policy endpoint failed to verify the authentication status of the kbs-client making the request. This vulnerability permitted unauthorized kbs-clients to alter the attestation policy, thereby jeopardizing the security of the confidential guests. The issue was rectified in version 0.15.0, which now mandates proper authentication before permitting policy modifications.

Affected Version(s)

trustee < 0.15.0

References

https://github.com/confidential-containers/trustee/securi...
x_refsource_CONFIRM
https://github.com/confidential-containers/trustee/pull/957
x_refsource_MISC
https://github.com/confidential-containers/trustee/commit...
x_refsource_MISC

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-61779 : Authentication Bypass in Trustee Project by Confidential Containers