Description

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

INFO

Published Date :

2025-08-01T05:41:09.361Z

Last Modified :

2025-08-01T13:47:20.337Z

Source :

debian
AFFECTED PRODUCTS

The following products are affected by CVE-2025-8454 vulnerability.

Vendors Products
Debian
  • Devscripts
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8454.

URL Resource
https://bugs.debian.org/1109251 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact