{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:23:24.339","vulnerabilities":[{"cve":{"id":"CVE-2025-8454","sourceIdentifier":"security@debian.org","published":"2025-08-01T06:15:29.493","lastModified":"2025-08-06T16:17:38.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then."},{"lang":"es","value":"Se descubrió que uscan, una herramienta para escanear o vigilar fuentes originales en busca de nuevas versiones de software, incluida en devscripts (una colección de scripts para facilitar la vida del fabricante de paquetes Debian), omite la verificación OpenPGP para archivos ya descargados incluso si una verificación previa falló."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:debian:devscripts:2.25.15:*:*:*:*:*:*:*","matchCriteriaId":"03D0F848-1E33-47BF-8523-03792C46EC92"}]}]}],"references":[{"url":"https://bugs.debian.org/1109251","source":"security@debian.org","tags":["Issue Tracking","Mailing List"]}]}}]}