CVE-2025-59339
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-18
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ovh | the_bastion | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-325 | The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the osh-encrypt-rsync script used by Bastion to handle session-recording ttyrec files. While the script properly rotates and encrypts these files using GPG keys, it silently fails to sign them even when signing is requested. This means the authenticity and integrity verification of the files via signatures is not performed as expected.
How can this vulnerability impact me?
Because the script fails to sign the session-recording files, it may be difficult to verify their authenticity and integrity. This could allow an attacker or unauthorized party to tamper with the recorded SSH session files without detection, potentially impacting trust in audit logs and forensic investigations.