CVE-2025-24882

Summary

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

Affected Software

VendorProductVersion RangeStatus
regclientregclient< 0.7.1affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation
  • CWE-345: CWE-345: Insufficient Verification of Data Authenticity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References