Vulnerability in In-toto Go-witness
CVE-2025-62375
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can i…
Vulnerability class: Improper Certificate Validation
EPSS: 0.002 (8.4th percentile) — read the EPSS interpretation.
Affected products
- In-toto Go-witness — versions < 0.9.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)