CVE-2025-25204

MEDIUM
Published Feb 14, 2025 Modified Apr 15, 2026 CWE-390

Description

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N

Weakness Type (CWE)

CWE-390 CWE-390

References

Frequently Asked Questions

What is CVE-2025-25204? +
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible. It has a CVSS v3.1 base score of 6.3 (MEDIUM).
How severe is CVE-2025-25204? +
CVE-2025-25204 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
How do I check if I'm vulnerable to CVE-2025-25204? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-49841 7.8

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
CVE-2025-46367 7.8

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A …
CVE-2024-27919 7.5

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable …
CVE-2025-26465 6.8

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a …
CVE-2025-27039 6.6

Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.
CVE-2024-12086 6.1

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-25204 — free, no signup required.

Start Free Scan