Auth bypass in Ratify-project Ratify
CVE-2025-27403
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment…
Vulnerability class: Broken Authentication
EPSS: 0.004 (35.5th percentile)
Affected products
- Ratify-project Ratify — versions < 1.2.3, and versions >= 1.3.0 and < 1.3.2
Weakness classification (CWE)