Privilege Escalation Flaw in Osslsigncode by mtrojnar
CVE-2025-70888

Currently unrated

Key Information:

Vendor: mtrojnar
Status: Osslsigncode
Vendor: CVE Published:; 25 March 2026

What is CVE-2025-70888?

A vulnerability in Osslsigncode, specifically in the osslsigncode.c component, permits remote attackers to escalate their privileges. This issue affects versions of Osslsigncode prior to v2.10, presenting a significant risk of unauthorized access and control over the host system. Users are strongly encouraged to update to the latest versions to mitigate these risks.

References

https://github.com/ralphje/signify/issues/60

https://github.com/mtrojnar/osslsigncode/issues/475

https://github.com/mtrojnar/osslsigncode/pull/477

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70888 Data

JSON