CVE-2025-13609

moderate-risk

Published 2025-11-24

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

References (9)

https://access.redhat.com/errata/RHSA-2025:23201

https://access.redhat.com/errata/RHSA-2025:23210

https://access.redhat.com/errata/RHSA-2025:23628

https://access.redhat.com/errata/RHSA-2025:23735

https://access.redhat.com/errata/RHSA-2025:23852

https://access.redhat.com/errata/RHSA-2026:0429

https://access.redhat.com/security/cve/CVE-2025-13609

https://bugzilla.redhat.com/show_bug.cgi?id=2416761

https://github.com/keylime/keylime/issues/1820

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal