{"id":"AZL-58935","summary":"CVE-2025-30258 affecting package gnupg2 2.4.9-2","details":"In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"","modified":"2026-04-21T04:37:10.464744Z","published":"2025-03-19T20:15:20Z","upstream":["CVE-2025-30258"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30258"}],"affected":[{"package":{"name":"gnupg2","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/gnupg2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.4.9-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58935.json"}}],"schema_version":"1.7.5"}