data/reports/GO-2025-4028.yaml - vulndb - Git at Google

 id: GO-2025-4028
 modules:
     - module: github.com/in-toto/go-witness
       versions:
         - fixed: 0.9.1
       vulnerable_at: 0.9.0
 summary: go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness
 cves:
     - CVE-2025-62375
 ghsas:
     - GHSA-72c7-4g63-hpw5
 references:
     - advisory: https://github.com/in-toto/go-witness/security/advisories/GHSA-72c7-4g63-hpw5
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-62375
     - fix: https://github.com/in-toto/go-witness/commit/04ff20b600e28ce8fd1aa287534dd383a1cfefb9
 source:
     id: GHSA-72c7-4g63-hpw5
     created: 2025-10-28T17:37:01.28933708Z
 review_status: UNREVIEWED
	id: GO-2025-4028
	modules:
	- module: github.com/in-toto/go-witness
	versions:
	- fixed: 0.9.1
	vulnerable_at: 0.9.0
	summary: go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness
	cves:
	- CVE-2025-62375
	ghsas:
	- GHSA-72c7-4g63-hpw5
	references:
	- advisory: https://github.com/in-toto/go-witness/security/advisories/GHSA-72c7-4g63-hpw5
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-62375
	- fix: https://github.com/in-toto/go-witness/commit/04ff20b600e28ce8fd1aa287534dd383a1cfefb9
	source:
	id: GHSA-72c7-4g63-hpw5
	created: 2025-10-28T17:37:01.28933708Z
	review_status: UNREVIEWED