CVE-2025-70887
Published: 25 March 2026
Description
An issue in ralphje Signify before v0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and context.py components.
Mitigating Controls (NIST 800-53 r5)
Directly mandates timely identification, reporting, and correction of the privilege escalation flaw in Signify by upgrading to v0.9.2 or later.
Enforces least privilege to counter the improper privilege management (CWE-269) that enables low-privileged remote attackers to escalate privileges.
Requires enforcement of approved access authorizations, addressing the failure in signed_data.py and context.py components to properly restrict privilege escalation.
Security Summary
CVE-2025-70887 is a privilege escalation vulnerability in ralphje's Signify tool prior to version 0.9.2, published on 2026-03-25. The flaw resides in the signed_data.py and context.py components and is classified under CWE-269 (Improper Privilege Management). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
A remote attacker possessing low privileges (PR:L) can exploit the vulnerability without user interaction. Exploitation occurs over the network with low complexity, enabling privilege escalation on affected systems running vulnerable versions of Signify.
Mitigation is addressed through updates in the ralphje/signify repository, including the fix in commit 64f21c0cc06cea0536370686ca3ba7a01e4adaa8 and discussion in issue #60; users should upgrade to version 0.9.2 or later. Related concerns in the osslsigncode project are covered in issue #475, pull request #477, and release 2.11.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a privilege escalation issue (CWE-269) exploitable remotely with low privileges, directly enabling T1068: Exploitation for Privilege Escalation.