CVE-2025-70887
Privilege Escalation in ralphje Signify via signed_data.py, context.py
Publication date: 2026-03-25
Last updated on: 2026-04-01
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ralphje | signify | up to 0.9.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ralphje Signify versions before 0.9.2 and allows a remote attacker to escalate privileges by exploiting issues in the signed_data.py and context.py components.
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to gain higher privileges than intended, potentially leading to unauthorized access or control over the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not explicitly address how the vulnerability in ralphje Signify before 0.9.2 affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying the presence and correctness of the keyUsage and extendedKeyUsage extensions in the certificates used by the signify or osslsigncode components.
Specifically, check that signer certificates include the digitalSignature keyUsage and the code signing extendedKeyUsage (EKU), as required by the stricter validation introduced in signify 0.9.2 and osslsigncode release 2.11.
Commands to detect this might include using OpenSSL to inspect the certificates involved in signing operations, for example:
- openssl x509 -in <certificate.pem> -text -noout | grep -A 5 "Key Usage"
- openssl x509 -in <certificate.pem> -text -noout | grep -A 5 "Extended Key Usage"
Additionally, reviewing logs or output from signify or osslsigncode signature verification for errors or warnings about missing or invalid keyUsage or EKU extensions can help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade to the fixed versions of the affected software:
- Upgrade signify to version 0.9.2 or later, which includes stricter validation of keyUsage and extendedKeyUsage extensions in certificates.
- Upgrade osslsigncode to release 2.11 or later, which adds keyUsage validation for signer certificates.
These updates enforce proper certificate validation, preventing privilege escalation via malformed or improperly validated certificates.
In addition, review your certificate issuance and signing processes to ensure that all signer certificates include the required digitalSignature keyUsage and code signing EKU extensions.
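Both the detection and mitigation answers above reduce to one check: does a signer certificate carry the digitalSignature keyUsage and the codeSigning EKU? The following POSIX shell script is an added example, not code from the CVE record, signify or osslsigncode; it wraps the openssl inspection above in a reusable function and generates its own throwaway test certificates. The function names, the /CN=test-signer subject and the OpenSSL 1.1.1+ requirement for -addext are this example's assumptions.

```shell
#!/bin/sh
# Added example (not part of the CVE record or the signify project): a POSIX shell
# check mirroring the validation signify 0.9.2 adds. A signer certificate passes
# only if it carries keyUsage digitalSignature AND extendedKeyUsage codeSigning.

# Returns 0 when both extensions are present, 1 when either is missing,
# 2 when the file cannot be parsed as an X.509 certificate.
check_code_signing_cert() {
    cert="$1"
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 2
    # In -text output the usage names sit on the line after the extension header.
    ku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | tail -n1)
    eku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' | tail -n1)
    case "$ku" in
        *"Digital Signature"*) ;;
        *) echo "$cert: missing keyUsage digitalSignature"; return 1 ;;
    esac
    case "$eku" in
        *"Code Signing"*) ;;
        *) echo "$cert: missing extendedKeyUsage codeSigning"; return 1 ;;
    esac
    echo "$cert: authorized for code signing"
    return 0
}

# Constructed test data: writes a throwaway self-signed certificate to $1 carrying
# whatever -addext values follow (e.g. keyUsage=digitalSignature). Needs OpenSSL 1.1.1+.
gen_test_cert() {
    out="$1"; shift
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
        -days 1 -subj "/CN=test-signer" \
        $(for e in "$@"; do printf -- '-addext %s ' "$e"; done) >/dev/null 2>&1
}

# Usage: sh check_signer.sh signer-cert.pem
if [ $# -gt 0 ]; then
    check_code_signing_cert "$1"
fi
```

Running the script against the certificates in a signing pipeline flags any signer that the pre-0.9.2 validation would have accepted despite lacking the code signing authorization.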