Cyber Resilience

CVE-2025-25204

Severity: Medium
Published: 14 February 2025
Modified: 15 April 2026
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N)
EPSS Score: 0.0021 (43.9th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25204 is a medium-severity Detection of Error Condition Without Action (CWE-390) vulnerability. Its CVSS base score is 6.3 (Medium).

Operationally, it ranks at the 43.9th percentile for exploit likelihood (EPSS, below the median) and is not currently listed in the CISA KEV catalog.


Vulnerability details

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation CLI tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: when no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible.
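The failure mode above is a gate that trusts the exit status alone. As an added example (not gh's or this page's own code), the POSIX sh gate below treats a zero exit as necessary but not sufficient: it also requires the `--format json` result to contain at least one attestation, so an empty result set never opens the gate even on an unpatched client. It assumes `GH_CMD` names the `gh` binary (default `gh`), that `gh attestation verify --format json` prints a JSON array, and uses placeholder owner/artifact arguments.

```shell
#!/bin/sh
# Deployment gate around `gh attestation verify` (added example; not gh's
# own code). Because exit status alone was an unsafe signal in gh 2.49.0
# through 2.66.x, the gate also requires the JSON result to contain at
# least one attestation. Assumptions: GH_CMD names the gh binary (default
# "gh"), and `gh attestation verify --format json` prints a JSON array.
GH_CMD="${GH_CMD:-gh}"

# has_attestations JSON_TEXT
# 0 when the text is a non-empty JSON array, 1 for "", "[]" or anything else.
has_attestations() {
  compact=$(printf '%s' "$1" | tr -d '[:space:]')
  case "$compact" in
    "" | "[]") return 1 ;;   # zero attestations: the CVE-2025-25204 case
    "["*"]")   return 0 ;;   # at least one element
    *)         return 1 ;;   # not an array at all
  esac
}

# verify_gate OWNER ARTIFACT_PATH
# 0 = attestations verified, deploy may proceed; 1 = block the deployment.
verify_gate() {
  owner=$1
  artifact=$2
  rc=0
  out=$("$GH_CMD" attestation verify "$artifact" --owner "$owner" \
        --format json 2>/dev/null) || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "DENY: gh attestation verify exited $rc for $artifact" >&2
    return 1
  fi
  # Independent check: exit 0 is not enough, the result must not be empty.
  if ! has_attestations "$out"; then
    echo "DENY: exit status 0 but no attestations returned for $artifact" >&2
    return 1
  fi
  echo "ALLOW: verified attestation(s) present for $artifact" >&2
  return 0
}

# Usage: ./gate.sh <owner> <artifact-path>   (the exit status is the decision)
if [ "$#" -eq 2 ]; then
  verify_gate "$1" "$2"
fi
```

A missing `gh` binary, a non-zero exit, or a zero exit with an empty result all deny, so the pipeline fails closed rather than open.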

CWE(s)

CWE-390: Detection of Error Condition Without Action

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.


Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Requires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting. (addresses CWE-390)
- The control mandates response actions to address results from monitoring and assessments, preventing detection of error conditions without subsequent corrective action. (addresses CWE-390)
- Procedures require detection of error/incident conditions followed by defined response actions. (addresses CWE-390)
- IR testing verifies that detected error conditions trigger appropriate response actions rather than being ignored. (addresses CWE-390)
- The containment, eradication, and recovery steps ensure detected incidents trigger concrete actions rather than no response. (addresses CWE-390)
- Provides assistance for handling incidents, ensuring detected error conditions lead to appropriate user actions rather than inaction. (addresses CWE-390)
- Requires response actions to analysis of monitoring data, directly preventing detection of error conditions without follow-up action. (addresses CWE-390)
- Reporting on security performance measures requires confirming that detected error conditions trigger appropriate actions rather than being ignored. (addresses CWE-390)
