vulnerability

Alpine Linux: CVE-2025-68972: Improper Verification of Cryptographic Signature

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:M/Au:N/C:N/I:C/A:N)	Dec 27, 2025	Jan 5, 2026	Jan 5, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:C/A:N)

Published

Dec 27, 2025

Added

Jan 5, 2026

Modified

Jan 5, 2026

Description

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Solution

alpine-linux-upgrade-gnupg

References

CVE-2025-68972
https://attackerkb.com/topics/CVE-2025-68972
URL-https://security.alpinelinux.org/vuln/CVE-2025-68972
CWE-347

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today