Vulnerability in In-toto Go-witness

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can i…

Vulnerability class: Improper Certificate Validation

EPSS: 0.002 (8.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References