Vulnerability Details CVE-2025-0509
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.4%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2025-0509
-
cpe:2.3:a:netapp:oncommand_workflow_automation:-
-
cpe:2.3:a:sparkle-project:sparkle:*
-
cpe:2.3:o:netapp:hci_compute_node:-