CVE-2025-13609

Summary

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

Affected Software

VendorProductVersion RangeStatus
Keylime Projectkeylime0 < 7.14.0affected
Red HatRed Hat Enterprise Linux 100:7.12.1-11.el10_1.3 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:7.12.1-2.el10_0.4 < *unaffected
Red HatRed Hat Enterprise Linux 90:7.12.1-11.el9_7.3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:6.5.2-6.el9_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:7.3.0-13.el9_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:7.3.0-15.el9_6.1 < *unaffected

Weaknesses

  • CWE-694: Use of Multiple Resources with Duplicate Identifier

Workarounds

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References