CVE-2025-70887
Published: 25 March 2026
Summary
CVE-2025-70887 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Ralphje Signify. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 26.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-70887 is a privilege escalation vulnerability in ralphje's Signify tool prior to version 0.9.2, published on 2026-03-25. The flaw resides in the signed_data.py and context.py components and is classified under CWE-269 (Improper Privilege Management). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
A remote attacker possessing low privileges (PR:L) can exploit the vulnerability without user interaction. Exploitation occurs over the network with low complexity, enabling privilege escalation on affected systems running vulnerable versions of Signify.
Mitigation is addressed through updates in the ralphje/signify repository, including the fix in commit 64f21c0cc06cea0536370686ca3ba7a01e4adaa8 and discussion in issue #60; users should upgrade to version 0.9.2 or later. Related concerns in the osslsigncode project are covered in issue #475, pull request #477, and release 2.11.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209004
Vulnerability details
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a privilege escalation issue (CWE-269) exploitable remotely with low privileges, directly enabling T1068: Exploitation for Privilege Escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mandates timely identification, reporting, and correction of the privilege escalation flaw in Signify by upgrading to v0.9.2 or later.
Enforces least privilege to counter the improper privilege management (CWE-269) that enables low-privileged remote attackers to escalate privileges.
Requires enforcement of approved access authorizations, addressing the failure in signed_data.py and context.py components to properly restrict privilege escalation.