Auth bypass in Ratify-project Ratify

CVE-2025-27403

Ratify is a verification engine, run as a binary executable or on Kubernetes, that verifies artifact security metadata and admits for deployment only those artifacts that comply with policies the user creates. In a Kubernetes environment…

Vulnerability class: Broken Authentication

EPSS: 0.004 (35.5th percentile)

Affected products

Weakness classification (CWE)

References