Common Weakness Enumeration

CWE-694

Allowed

Use of Multiple Resources with Duplicate Identifier

Abstraction: Base · Status: Incomplete

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

18 vulnerabilities reference this CWE, most recent first.

GHSA-4588-XX8P-CH9Q

Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33
VLAI
Details

Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve.

This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:15:22Z",
    "severity": "MODERATE"
  },
  "details": "Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. \n\nThis issue affects:\u00a0Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),\u00a0all versions of 8.80 and prior.",
  "id": "GHSA-4588-xx8p-ch9q",
  "modified": "2024-12-12T03:33:06Z",
  "published": "2024-12-12T03:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41146"
    },
    {
      "type": "WEB",
      "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q72-4WHC-C2W5

Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2024-04-04 03:40
VLAI
Details

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694",
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-25T19:15:10Z",
    "severity": "LOW"
  },
  "details": "PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.",
  "id": "GHSA-5q72-4whc-c2w5",
  "modified": "2024-04-04T03:40:52Z",
  "published": "2023-04-25T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23721"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C52F-PQ47-2R9J

Vulnerability from github – Published: 2021-05-24 16:57 – Updated: 2025-05-29 22:59
VLAI
Summary
plugin.yaml file allows for duplicate entries in helm
Details

Impact

During a security audit of Helm's code base, Helm maintainers identified a bug in which a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack.

To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection).

Patches

This issue has been patched in Helm 2.16.11 and Helm 3.3.2.

Workarounds

Make sure to install plugins using a secure connection protocol like SSL.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.16.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-24T12:56:32Z",
    "nvd_published_at": "2020-09-17T22:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nDuring a security audit of Helm\u0027s code base, Helm maintainers identified a bug in which a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin\u0027s install hooks, causing a local execution attack.\n\nTo perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection).\n\n### Patches\n\nThis issue has been patched in Helm 2.16.11 and Helm 3.3.2.\n\n### Workarounds\n\nMake sure to install plugins using a secure connection protocol like SSL.",
  "id": "GHSA-c52f-pq47-2r9j",
  "modified": "2025-05-29T22:59:16Z",
  "published": "2021-05-24T16:57:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15187"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/ac7c07c37d87e09797f714fb57aa5e9cb99d9450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/b0296c0522e837d65f944beefa3fb64fd08ac304"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/c8d6b01d72c9604e43ee70d0d78fadd54c2d8499"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/f2ede29480b507b7d8bb152dd8b6b86248b00658"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/helm/helm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "plugin.yaml file allows for duplicate entries in helm"
}

GHSA-F82C-VJ6W-XX38

Vulnerability from github – Published: 2026-04-28 21:36 – Updated: 2026-04-28 21:36
VLAI
Details

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-28T19:37:47Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability affecting the detailed versions of\u00a0Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.",
  "id": "GHSA-f82c-vj6w-xx38",
  "modified": "2026-04-28T21:36:14Z",
  "published": "2026-04-28T21:36:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5794"
    },
    {
      "type": "WEB",
      "url": "https://info.cryptobox.com/doc/v4.40/4.40.en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JM56-5H66-W453

Vulnerability from github – Published: 2021-05-24 16:57 – Updated: 2023-10-02 13:35
VLAI
Summary
Repository index file allows for duplicates of the same chart entry in helm
Details

Impact

During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository.

To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection).

Specific Go Packages Affected

helm.sh/helm/v3/pkg/repo

Patches

This issue has been patched in Helm 3.3.2 and 2.16.11

Workarounds

  • do not install charts from repositories you do not trust
  • fetch charts using a secure channel of communication (such as TLS)
  • use helm pull to fetch the chart, then review the chart’s content (either manually, or with helm verify if it has been signed) to ensure it has not been tampered with
  • manually review the index file in the Helm repository cache before installing software.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.16.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-694",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-24T16:47:58Z",
    "nvd_published_at": "2020-09-17T22:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nDuring a security audit of Helm\u0027s code base, security researchers at Trail of Bits identified a bug in which the a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository.\n\nTo perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection).\n\n### Specific Go Packages Affected\nhelm.sh/helm/v3/pkg/repo\n\n### Patches\n\nThis issue has been patched in Helm 3.3.2 and 2.16.11\n\n### Workarounds\n\n- do not install charts from repositories you do not trust\n- fetch charts using a secure channel of communication (such as TLS)\n- use `helm pull` to fetch the chart, then review the chart\u2019s content (either manually, or with `helm verify` if it has been signed) to ensure it has not been tampered with\n- manually review the index file in the Helm repository cache before installing software.",
  "id": "GHSA-jm56-5h66-w453",
  "modified": "2023-10-02T13:35:50Z",
  "published": "2021-05-24T16:57:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15185"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Repository index file allows for duplicates of the same chart entry in helm"
}

GHSA-JP7H-4F3C-9RC7

Vulnerability from github – Published: 2025-10-23 16:01 – Updated: 2025-10-23 16:01
VLAI
Summary
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method
Details

Impact

This is a cross-account impersonation vulnerability in the auth-aws plugin. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the same name in a trusted account, leading to unauthorized access.

This impacts all users of the auth-aws plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts.

The core of the vulnerability is a flawed caching mechanism that fails to validate the AWS Account ID during authentication. While the use of wildcards in a bound_iam_principal_arn configuration significantly increases the attack surface, wildcards are not a prerequisite for exploitation. The vulnerability can be exploited with specific ARN bindings if a role name collision occurs.

Successful exploitation can lead to unauthorized access to secrets, data exfiltration, and privilege escalation. Given that the only prerequisite is a duplicate role name, the severity is considered high.

Patches

This vulnerability has been patched in version 0.1.1 of the auth-aws plugin. Users are advised to upgrade to version 0.1.1 or later to remediate this vulnerability.

Workarounds

For users who are unable to upgrade to version 0.1.1 immediately, the most effective workaround is to guarantee that IAM role names are unique across all AWS accounts that could potentially interact with your OpenBao environment. This is the most critical mitigation step.

Primary Mitigation: Audit your AWS organizations to identify and rename any duplicate IAM role names. Enforce a naming convention that includes account-specific identifiers to prevent future collisions.

While removing wildcards from your bound_iam_principal_arn configuration is still recommended as a security best practice, it will not mitigate this vulnerability if duplicate role names exist.

Credits

This vulnerability was discovered and reported by Pavlos Karakalidis

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.1.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openbao/openbao-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-23T16:01:27Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nThis is a cross-account impersonation vulnerability in the `auth-aws` plugin. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the **same name** in a trusted account, leading to unauthorized access.\n\nThis impacts all users of the `auth-aws` plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts.\n\nThe core of the vulnerability is a flawed caching mechanism that fails to validate the AWS Account ID during authentication. While the use of wildcards in a `bound_iam_principal_arn configuration` significantly increases the attack surface, **wildcards are not a prerequisite for exploitation**. The vulnerability can be exploited with specific ARN bindings if a role name collision occurs.\n\nSuccessful exploitation can lead to unauthorized access to secrets, data exfiltration, and privilege escalation. Given that the only prerequisite is a duplicate role name, the severity is considered **high**.\n\n### Patches\nThis vulnerability has been patched in version **0.1.1** of the `auth-aws` plugin.\nUsers are advised to upgrade to version **0.1.1** or later to remediate this vulnerability.\n\n### Workarounds\nFor users who are unable to upgrade to version **0.1.1** immediately, the most effective workaround is to **guarantee that IAM role names are unique across all AWS accounts** that could potentially interact with your OpenBao environment. This is the most critical mitigation step.\n\n**Primary Mitigation**: Audit your AWS organizations to identify and rename any duplicate IAM role names. Enforce a naming convention that includes account-specific identifiers to prevent future collisions.\n\nWhile removing wildcards from your `bound_iam_principal_arn` configuration is still recommended as a security best practice, it **will not** mitigate this vulnerability if duplicate role names exist.\n\n### Credits\nThis vulnerability was discovered and reported by [Pavlos Karakalidis](https://github.com/pkarakal/)",
  "id": "GHSA-jp7h-4f3c-9rc7",
  "modified": "2025-10-23T16:01:27Z",
  "published": "2025-10-23T16:01:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao-plugins/security/advisories/GHSA-jp7h-4f3c-9rc7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao-plugins/commit/2a77af36834746ca6d3ac9bd1049154c84b3efae"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openbao/openbao-plugins"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method"
}

GHSA-M4XF-X7W2-QGFQ

Vulnerability from github – Published: 2026-07-10 00:31 – Updated: 2026-07-10 00:31
VLAI
Details

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.

To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:

user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S3,
  • 24.4 versions before 24.4R2-S4,
  • 25.2 versions before 25.2R1-S1.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-09T22:17:07Z",
    "severity": "MODERATE"
  },
  "details": "A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail\u00a0a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can\u0027t be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host\u003e show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1.",
  "id": "GHSA-m4xf-x7w2-qgfq",
  "modified": "2026-07-10T00:31:26Z",
  "published": "2026-07-10T00:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57024"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA110084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XH5W-G8GQ-R3V9

Vulnerability from github – Published: 2025-11-24 18:31 – Updated: 2026-05-29 20:50
VLAI
Summary
Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
Details

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keylime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.13.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-13609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-694"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-26T19:32:37Z",
    "nvd_published_at": "2025-11-24T18:15:49Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent\u0027s unique identifier (UUID). This action overwrites the legitimate agent\u0027s identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.",
  "id": "GHSA-xh5w-g8gq-r3v9",
  "modified": "2026-05-29T20:50:19Z",
  "published": "2025-11-24T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/issues/1820"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/pull/1785"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/commit/e1ae8de1f7b1385eaeec66572a92ff1338e6e157"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:23201"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:23210"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:23628"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:23735"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:23852"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:0429"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-13609"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416761"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keylime/keylime"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/releases/tag/v7.13.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2025-77.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices"
}

Mitigation
Architecture and Design

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

No CAPEC attack patterns related to this CWE.