CVE-2025-70887
Privilege Escalation in ralphje Signify via signed_data.py, context.py

Publication date: 2026-03-25

Last updated on: 2026-04-01

Assigner: MITRE

Description
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
Meta Information
Generated: 2026-06-16
AI Q&A generated: 2026-03-25
EPSS evaluated: 2026-06-15
Affected Vendors & Products
Vendor: ralphje
Product: signify
Version / Range: all versions before 0.9.2 (0.9.2 itself is not affected)
CWE
CWE-269: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Executive Summary

CVE-2025-70887 affects ralphje Signify before 0.9.2, in the signed_data.py and context.py components. The fix in 0.9.2 tightens validation of the keyUsage and extendedKeyUsage extensions on signer certificates; MITRE describes the consequence of the missing validation as privilege escalation by a remote attacker (CWE-269).

Impact Analysis

Before 0.9.2, Signify's signature verification did not strictly validate that the signer certificate carries the digitalSignature keyUsage and the code signing extendedKeyUsage, so a signature made with a certificate that was never authorized for code signing could be reported as valid. Anything that relies on Signify's verdict to decide whether to trust or run content can then be led to accept such content, which is the unauthorized access or control over the affected system that the advisory describes.

Compliance Impact

The provided information does not explicitly address how the vulnerability in ralphje Signify before v.0.9.2 affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

Two different checks are involved. The first is whether a vulnerable version is installed: every signify release before 0.9.2 is affected, so inventory your Python environments (for example with pip show signify or pip list) and treat anything below 0.9.2 as vulnerable. The same applies to osslsigncode builds before release 2.11.

The second is whether the certificates that sign the artifacts you verify would pass the stricter validation introduced in signify 0.9.2 and osslsigncode 2.11: the signer certificate must carry the digitalSignature keyUsage and the code signing extendedKeyUsage (EKU, OID 1.3.6.1.5.5.7.3.3). Certificates that lack these, such as a TLS server certificate repurposed as a signer, are the ones the pre-0.9.2 validation did not reject.

To inspect a certificate with OpenSSL 1.1.1 or later:

  • openssl x509 -in <certificate.pem> -noout -ext keyUsage,extendedKeyUsage

On older releases, grep the text dump, anchoring on the full extension names (a plain grep for "Key Usage" also matches "Extended Key Usage"):

  • openssl x509 -in <certificate.pem> -text -noout | grep -A 1 "X509v3 Key Usage:"
  • openssl x509 -in <certificate.pem> -text -noout | grep -A 1 "X509v3 Extended Key Usage:"

For a signed binary, extract the signer certificate first, for example with osslsigncode extract-signature followed by openssl pkcs7 -print_certs.

After upgrading, signify or osslsigncode verification failures that cite a missing or invalid keyUsage or EKU identify signatures the vulnerable versions would have accepted. Review those artifacts and the certificates that signed them rather than treating the error as noise.

Mitigation Strategies

To mitigate this vulnerability, upgrade to the fixed versions of the affected software:

  • Upgrade signify to version 0.9.2 or later, which includes stricter validation of keyUsage and extendedKeyUsage extensions in signer certificates.
  • Upgrade osslsigncode to release 2.11 or later, which adds keyUsage validation for signer certificates.

These updates reject signatures made with certificates that are not authorized for code signing, which closes the path MITRE describes as privilege escalation. Because the validation is stricter, signatures that were produced with non-compliant certificates will start to fail after the upgrade; verify your existing signed artifacts against the new version before rolling it out so that legitimate failures are expected rather than surprising.

In addition, review your certificate issuance and signing processes to ensure that all signer certificates include the digitalSignature keyUsage and the code signing EKU (OID 1.3.6.1.5.5.7.3.3).
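The certificate check described under Detection Guidance and the signer-certificate review recommended in Mitigation Strategies, as an added example that is not code from signify, osslsigncode or this page: a standard-library-only Python script that walks the DER Extensions SEQUENCE of a certificate and reports whether keyUsage includes digitalSignature and extendedKeyUsage includes codeSigning. The three sample Extensions blobs are hand-constructed for the example, and the policy in check_code_signer() (both extensions must be present with those values) is an assumption drawn from the guidance above, not a reproduction of either project's exact rules. To run it on a real certificate, feed it the Extensions SEQUENCE (for example located with openssl asn1parse) or extend parse_extensions() to walk the full TBSCertificate.

```python
"""Check a signer certificate's keyUsage / extendedKeyUsage for code signing.

Added example (not signify or osslsigncode code). Standard library only: a
minimal DER walker over an X.509 Extensions SEQUENCE. The policy enforced in
check_code_signer() is an assumption taken from the advisory guidance.
"""

KEY_USAGE_OID = "2.5.29.15"
EXT_KEY_USAGE_OID = "2.5.29.37"
CODE_SIGNING_OID = "1.3.6.1.5.5.7.3.3"   # id-kp-codeSigning


def _read_tlv(data, pos):
    """Return (tag, value, next_pos) for the DER element starting at data[pos]."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def _children(body):
    """Split the contents of a SEQUENCE into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        out.append((tag, value))
    return out


def _decode_oid(value):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:                     # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_extensions(extensions_der):
    """Parse an Extensions SEQUENCE into {oid: (critical, extnValue bytes)}."""
    _, body, _ = _read_tlv(extensions_der, 0)
    result = {}
    for _, ext in _children(body):
        fields = _children(ext)             # OID, optional BOOLEAN critical, OCTET STRING
        oid = _decode_oid(fields[0][1])
        if fields[1][0] == 0x01:            # BOOLEAN present: the critical flag
            result[oid] = (fields[1][1] != b"\x00", fields[2][1])
        else:
            result[oid] = (False, fields[1][1])
    return result


def key_usage_has_digital_signature(extn_value):
    """digitalSignature is bit 0 of the KeyUsage BIT STRING (MSB of first data byte)."""
    tag, bits, _ = _read_tlv(extn_value, 0)   # bits[0] is the unused-bit count
    return tag == 0x03 and len(bits) > 1 and bool(bits[1] & 0x80)


def extended_key_usages(extn_value):
    """Return the EKU OIDs listed in an ExtKeyUsageSyntax value."""
    tag, body, _ = _read_tlv(extn_value, 0)
    return [_decode_oid(v) for t, v in _children(body) if t == 0x06] if tag == 0x30 else []


def check_code_signer(extensions_der):
    """Return a list of policy violations; an empty list means the signer is acceptable."""
    exts = parse_extensions(extensions_der)
    problems = []
    key_usage = exts.get(KEY_USAGE_OID)
    if key_usage is None:
        problems.append("keyUsage extension missing")
    elif not key_usage_has_digital_signature(key_usage[1]):
        problems.append("keyUsage lacks digitalSignature")
    eku = exts.get(EXT_KEY_USAGE_OID)
    if eku is None:
        problems.append("extendedKeyUsage extension missing")
    elif CODE_SIGNING_OID not in extended_key_usages(eku[1]):
        problems.append(f"extendedKeyUsage lacks codeSigning ({CODE_SIGNING_OID})")
    return problems


# Constructed sample Extensions SEQUENCEs (hand-encoded DER, not from real certificates).
# Proper code-signing cert: keyUsage = digitalSignature (critical), EKU = codeSigning.
GOOD_EXTS = bytes.fromhex(
    "3025"  "300e 0603551d0f 0101ff 0404 03020780"
    "3013 0603551d25 040c 300a 06082b06010505070303")
# TLS server cert misused as signer: keyUsage = digitalSignature+keyEncipherment,
# EKU = serverAuth, clientAuth. The lenient pre-0.9.2 validation would not reject it.
TLS_SERVER_EXTS = bytes.fromhex(
    "302f"  "300e 0603551d0f 0101ff 0404 030205a0"
    "301d 0603551d25 0416 3014 06082b06010505070301 06082b06010505070302")
# Right EKU, but keyUsage = keyEncipherment only, so digitalSignature is absent.
NO_DIGSIG_EXTS = bytes.fromhex(
    "3025"  "300e 0603551d0f 0101ff 0404 03020520"
    "3013 0603551d25 040c 300a 06082b06010505070303")

if __name__ == "__main__":
    for name, exts in [("good", GOOD_EXTS), ("tls-server", TLS_SERVER_EXTS),
                       ("no-digsig", NO_DIGSIG_EXTS)]:
        print(name, check_code_signer(exts) or "OK")
```

check_code_signer() returns the list of violations rather than printing them, so it can be wired into a pre-signing gate or a certificate-inventory script. The TLS_SERVER_EXTS case is the kind of signer that the validation added in signify 0.9.2 and osslsigncode 2.11 now rejects.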
