CVE-2025-68973
CVE Details
Visit the official vulnerability details page for CVE-2025-68973 to learn more.
Initial Publication
01/01/2026
Last Update
02/12/2026
Third Party Dependency
gpgv
NIST CVE Summary
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
CVE Severity
Our Official Summary
This is a high-severity vulnerability in GnuPG (GNU Privacy Guard) affecting versions before 2.4.9, where a logic error in the armor_filter function (g10/armor.c) causes an out-of-bounds write when processing specially crafted input due to a double increment of an index variable.
This vulnerability is applicable only if vmo is used as it only affect these images. Exploting this vulnerability on these images will require elevated permissions with cluster access. Several cluster security best practices if implemented correctly will make this exploitation very difficult.
A upstream fix when available will be adopted to fix this cve.
Status
Open
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.8.27 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 02/12/2026 | Official summary added |
| 01/08/2026 | Advisory assigned with HIGH severity |