CVE-2025-4658 — CRITICAL (9.8)

Q: How severe is CVE-2025-4658?

CVE-2025-4658 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-4658?

Check the references section above for vendor advisories and patch information. Affected products include: Openpubkey Openpubkey, Openpubkey Opkssh.

Vulnerability Description

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openpubkey	Openpubkey	< 0.10.0
Openpubkey	Opkssh	< 0.5.0

Related Weaknesses (CWE)

CWE-305 CWE-347

References

https://github.com/openpubkey/opksshProduct

FAQ

What is CVE-2025-4658?

CVE-2025-4658 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for aut...

How severe is CVE-2025-4658?

CVE-2025-4658 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-4658?

Check the references section above for vendor advisories and patch information. Affected products include: Openpubkey Openpubkey, Openpubkey Opkssh.