CVE-2025-59339
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-18

Assigner: GitHub, Inc.

Description
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, if configured to. When running, the script properly rotates and encrypts the files using the provided GPG key(s), but silently fails to sign them, even if asked to.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-09-18
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59339
EUVD
EUVD-2025-29748
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ovh the_bastion *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-325 The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the osh-encrypt-rsync script used by Bastion to handle session-recording ttyrec files. While the script properly rotates and encrypts these files using GPG keys, it silently fails to sign them even when signing is requested. This means the authenticity and integrity verification of the files via signatures is not performed as expected.

Impact Analysis

Because the script fails to sign the session-recording files, it may be difficult to verify their authenticity and integrity. This could allow an attacker or unauthorized party to tamper with the recorded SSH session files without detection, potentially impacting trust in audit logs and forensic investigations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59339. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart