CVE-2025-70887 - Vulnerability Details

Description

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

Published: 2026-03-25

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the Python implementation of Signify, affecting all releases prior to version 0.9.2. A remote attacker can manipulate the signed_data.py and context.py modules to perform a privilege escalation, which aligns with the CWE‑269 classification. By altering signed data handling, the attacker may obtain elevated permissions within the system, potentially allowing them to execute arbitrary code with higher privileges.

Affected Systems

The affected product is Signify, distributed under the Python package ralphje:signify. All versions before 0.9.2 are vulnerable; no other vendors or product versions are listed.

Risk and Exploitability

The vulnerability is scored highly with a CVSS value of 8.8, indicating significant potential impact. Exploit likelihood appears low, and it is not currently recorded as a known exploited vulnerability in the public catalog. The flaw is likely triggered by a remote actor who can provide crafted signed data to the vulnerable components, enabling the privilege escalation path described above.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:ralphje:signify:*:*:*:*:*:python:*:*

No data.

Vendor Product Confidence Versions

Ralphje

Signify

95%

Version	Status	Scheme	Platform
`[0,0.9.2)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Signify to version 0.9.2 or later
If an immediate upgrade is not feasible, restrict or isolate access to the signed_data.py and context.py modules to prevent exploitation
Monitor logs for any anomalies related to signed data handling and investigate promptly

Generated by OpenCVE AI on April 2, 2026 at 04:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-p4hh-mq57-gq8x	Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00157.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/mtrojnar/osslsigncode/issues/475
https://github.com/mtrojnar/osslsigncode/pull/477
https://github.com/mtrojnar/osslsigncode/releases/tag/2.11
https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8
https://github.com/ralphje/signify/issues/60

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title	Privilege Escalation via Signed Data Handling in Signify

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:ralphje:signify::::::python::*

Mon, 30 Mar 2026 08:15:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Signed Data Handling in Signify

Sun, 29 Mar 2026 20:45:00 +0000

Type	Values Removed	Values Added
Title	Privilege Escalation via Signed Data Validation in Signify
Weaknesses	CWE-284

Fri, 27 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Signed Data Validation in Signify
Weaknesses		CWE-269 CWE-284
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 27 Mar 2026 09:30:00 +0000

Type	Values Removed	Values Added
Title	Privilege Escalation via Signed Data Parsing in ralphje Signify
Weaknesses	CWE-285 CWE-732

Thu, 26 Mar 2026 14:00:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Signed Data Parsing in ralphje Signify
Weaknesses		CWE-285 CWE-732

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Title	Remote Privilege Escalation via Signed Data Handling in Signify
Weaknesses	CWE-264

Thu, 26 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ralphje Ralphje signify
Vendors & Products		Ralphje Ralphje signify

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Remote Privilege Escalation via Signed Data Handling in Signify
Weaknesses		CWE-264

Wed, 25 Mar 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
References		https://github.com/mtrojnar/osslsigncode/issues/475 https://github.com/mtrojnar/osslsigncode/pull/477 https://github.com/mtrojnar/osslsigncode/releases/tag/2.11 https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8 https://github.com/ralphje/signify/issues/60

Subscriptions

Ralphje Signify

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-25T00:00:00.000Z

Updated: 2026-03-27T19:43:12.486Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70887

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T19:16:28.130

Modified: 2026-04-01T13:59:07.700

Link: CVE-2025-70887

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:18Z

Weaknesses

CWE-269

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object