{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T17:50:41.878","vulnerabilities":[{"cve":{"id":"CVE-2025-30258","sourceIdentifier":"cve@mitre.org","published":"2025-03-19T20:15:20.140","lastModified":"2025-10-16T16:53:07.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\""},{"lang":"es","value":"En GnuPG anterior a 2.5.5, si un usuario elige importar un certificado con ciertos datos de subclave manipulado que carecen de una firma inversa válida o que tienen indicadores de uso incorrectos, el usuario pierde la capacidad de verificar las firmas realizadas a partir de ciertas otras claves de firma, lo que se conoce como \"denegación de servicio de verificación\"."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L","baseScore":2.7,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.8","matchCriteriaId":"4A441713-EE54-43FD-88EC-7369E4B096EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.5","matchCriteriaId":"C356F338-438C-4F0E-828A-6FC161AD8CAD"}]}]}],"references":[{"url":"https://dev.gnupg.org/T7527","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html","source":"cve@mitre.org","tags":["Mailing List","Release Notes","Vendor Advisory"]}]}}]}