CVE-2025-30258

CVE Details

Visit the official vulnerability details page for CVE-2025-30258 to learn more.

Initial Publication

03/19/2025

Last Update

10/16/2025

Third Party Dependency

gnupg

NIST CVE Summary

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

CVE Severity

2.7

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.0-rc.1	⚠️ Impacted	⚠️ Impacted
1.0.5	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​