CVEs-PoC/2025/CVE-2025-8454.md

CVE-2025-8454

Description

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

POC

Reference

No PoCs from references.

Github

• https://github.com/fkie-cad/nvd-json-data-feeds