{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T22:24:11.233","vulnerabilities":[{"cve":{"id":"CVE-2025-24903","sourceIdentifier":"security-advisories@github.com","published":"2025-02-13T16:16:48.913","lastModified":"2026-06-17T08:59:49.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user. The origin of sync messages is not checked. Patched libsignal-service can be found after commit 82d70f6720e762898f34ae76b0894b0297d9b2f8. The `Metadata` struct contains an additional `was_encrypted` field, which breaks the API, but should be easily resolvable. No known workarounds are available."},{"lang":"es","value":"libsignal-service-rs es una versión Rust de la librería libsignal-service-java que implementa la funcionalidad principal para comunicarse con los servidores Signal. Antes del commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, cualquier contacto puede falsificar un mensaje de sincronización, haciéndose pasar por otro dispositivo del usuario local. No se verifica el origen de los mensajes de sincronización. Se puede encontrar libsignal-service parcheado después del commit 82d70f6720e762898f34ae76b0894b0297d9b2f8. La estructura `Metadata` contiene un campo `was_encrypted` adicional, que rompe la API, pero debería poder resolverse fácilmente. No hay workarounds disponibles."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"whisperfish","product":"libsignal-service-rs","versions":[{"version":"< 82d70f6720e762898f34ae76b0894b0297d9b2f8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-13T16:26:57.836430Z","id":"CVE-2025-24903","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/whisperfish/libsignal-service-rs/commit/82d70f6720e762898f34ae76b0894b0297d9b2f8","source":"security-advisories@github.com"},{"url":"https://github.com/whisperfish/libsignal-service-rs/security/advisories/GHSA-r58q-66g9-h6g8","source":"security-advisories@github.com"}]}}]}