CVE-2025-2886

Risk Scores

Affected Products

Exploit Intelligence

• https://github.com/awslabs/tough/security/advisories/GHSA-v4wr-j3w6-mxqc (circl)
• https://aws.amazon.com/security/security-bulletins/AWS-2025-007/ (circl)
• https://github.com/awslabs/tough/releases/tag/tough-v0.20.0 (circl)

Timeline

• Mar 27, 2025 CVE Published
• Mar 28, 2025 EPSS Score
• Mar 28, 2025 Coalition ESS Score
• Mar 30, 2025 Coalition ESS Score
• Apr 10, 2025 EPSS Score
• Apr 23, 2025 EPSS Score
• May 6, 2025 EPSS Score
• May 19, 2025 EPSS Score
• Jun 1, 2025 EPSS Score
• Jun 14, 2025 EPSS Score
• Jun 27, 2025 EPSS Score
• Jul 10, 2025 EPSS Score

References

• https://github.com/awslabs/tough/security/advisories/GHSA-v4wr-j3w6-mxqc vendor-advisory
• https://aws.amazon.com/security/security-bulletins/AWS-2025-007/ vendor-advisory
• https://github.com/awslabs/tough/releases/tag/tough-v0.20.0 patch
• https://nvd.nist.gov/vuln/detail/CVE-2025-2886 advisory
• https://github.com/awslabs/tough/commit/598111f88105a707ee68b0fa06c52da7176ea96a url
• https://aws.amazon.com/security/security-bulletins/AWS-2025-007 url
• https://github.com/awslabs/tough package