OpenPGP Verification Bypass in Devscripts Tool Affecting Debian
CVE-2025-8454
9.8CRITICAL
What is CVE-2025-8454?
A security flaw in the uscan tool, part of the devscripts package, allows for OpenPGP verification to be bypassed for files that have already been downloaded, even if a previous verification attempt failed. This poses a significant risk as it could allow maliciously modified files to be accepted, compromising the integrity of software updates. Users are advised to apply prompt patches and implement robust verification practices to safeguard their systems.
Affected Version(s)
devscripts 0