MidnightBSD

Advisories for sparkle-project

CVE-2025-0509

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 7.3 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.7 6.0

Products Affected

Vendor Product Version
netapp hci_compute_node -
netapp oncommand_workflow_automation -
sparkle-project sparkle *