CVE-2025-4658 · CRITICAL 9.8 · EPSS percentile 21.0%


Description

Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that allowed a specially crafted JWS to bypass signature verification. Because OPKSSH depends on OpenPubkey for authentication, the same flaw affects OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication. The fixed releases are OpenPubkey 0.10.0 and OPKSSH 0.5.0. The CVSS vector below (network-reachable, no privileges or user interaction required, high impact on confidentiality, integrity and availability) reflects that an unauthenticated remote attacker holding such a JWS could pass authentication without valid credentials.
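The weakness class here is CWE-347, accepting a JWS whose signature was never actually checked against the bytes received. The page does not describe how the crafted JWS was built, and the example below does not attempt to reproduce it; it is an added illustration, not OpenPubkey or OPKSSH code, of what a strict verifier for a single-signature, compact-serialization ES256 JWS has to do. Everything in it (the `joseHeader` type, `signES256`, `verifyES256`, `swapPayload`, the sample payloads) is hypothetical and constructed for this page. It uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// joseHeader is the subset of the JWS protected header this example inspects.
type joseHeader struct {
	Alg string `json:"alg"`
}

var b64 = base64.RawURLEncoding

// signES256 builds a compact JWS (header.payload.signature) with a P-256 key.
func signES256(key *ecdsa.PrivateKey, payload []byte) (string, error) {
	hdr, _ := json.Marshal(joseHeader{Alg: "ES256"})
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS encodes an ES256 signature as r||s, each left-padded to 32 bytes.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyES256 is a strict verifier: it pins the algorithm instead of trusting
// the header, requires exactly three segments, and checks the signature over
// the exact bytes received before returning the payload.
func verifyES256(pub *ecdsa.PublicKey, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("jws: expected exactly three segments")
	}
	rawHdr, err := b64.DecodeString(parts[0])
	var hdr joseHeader
	if err != nil || json.Unmarshal(rawHdr, &hdr) != nil {
		return nil, errors.New("jws: protected header is not base64url JSON")
	}
	if hdr.Alg != "ES256" {
		return nil, fmt.Errorf("jws: alg %q not allowed", hdr.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("jws: ES256 signature must decode to exactly 64 bytes")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("jws: signature does not verify")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("jws: payload is not base64url")
	}
	return payload, nil
}

// swapPayload keeps the original signature but replaces the payload segment.
func swapPayload(token string, payload []byte) string {
	parts := strings.Split(token, ".")
	parts[1] = b64.EncodeToString(payload)
	return strings.Join(parts, ".")
}

func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample payload; nothing here comes from a real OPKSSH session.
	token, err := signES256(key, []byte(`{"sub":"alice@example.test"}`))
	if err != nil {
		panic(err)
	}
	forged := swapPayload(token, []byte(`{"sub":"mallory@example.test"}`))
	unsigned := b64.EncodeToString([]byte(`{"alg":"none"}`)) + "." + strings.Split(token, ".")[1] + "."
	cases := map[string]string{"genuine": token, "tampered": forged, "alg none": unsigned, "4 segments": token + ".x"}
	for name, tok := range cases {
		_, verr := verifyES256(&key.PublicKey, tok)
		fmt.Printf("%-10s -> %v\n", name, verr)
	}
}
```

Only the genuine token comes back with a nil error; the re-used signature over a swapped payload, the `alg: none` header with an empty signature segment, and the four-segment token are all rejected before any payload is returned. The two design points worth carrying into any real verifier are that the accepted algorithm is decided by the verifier, never read from the token, and that the payload is only decoded after the signature has been checked over the segments exactly as they arrived.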

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.29% probability of exploitation · percentile 21.0% · as of 2026-06-19T12:03:05Z
Published: 2025-05-13
Last modified: 2025-05-22

Underlying weaknesses (2)

CWE-305 (Authentication Bypass by Primary Weakness), CWE-347 (Improper Verification of Cryptographic Signature)

References

  1. https://github.com/openpubkey/opkssh

Weakness mapping (2)

Type      Target                                             ID       Confidence  Tier
Weakness  Authentication Bypass by Primary Weakness          CWE-305  0%          live
Weakness  Improper Verification of Cryptographic Signature   CWE-347  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-3757
  2. CVE-2026-42508
  3. CVE-2026-9758
  4. CVE-2026-5194
  5. CVE-2025-46386
  6. CVE-2025-49196
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.