CVE-2025-64186

MEDIUM EPSS 2.5%
Published Nov 12, 20257mo ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Nov 12, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago

Description

Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to serve requests from specific evervault domain names, following from our ACME challenge based TLS certificate acquisition pipeline. The vulnerability primarily affects applications which only check PCR8. Though the efficacy is also reduced for applications that check all PCR values, the impact is largely remediated by checking PCR 0, 1 and 2. The identified issue has been addressed in version 1.3.2 by validating attestation documents before storing in the cache, and replacing the naive equality checks with a new SatisfiedBy check. Those who useevervault-go to attest Enclaves that are hosted outside of Evervault environments and cannot upgrade have two possible workarounds available. Modify the application logic to fail verification if PCR8 is not explicitly present and non-empty and/or add custom pre-validation to reject documents that omit any required PCRs.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
2.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-347

Affected Products 1

VendorProductVersionRange
evervaultevervault* <1.3.2

References 3

  • github.com https://github.com/evervault/evervault-go/commit/7c824d289bba11ec0bea46a338023f5b128bbb28
    Patch
  • github.com https://github.com/evervault/evervault-go/pull/48
    Issue TrackingPatch
  • github.com https://github.com/evervault/evervault-go/security/advisories/GHSA-88h9-77c7-p6w4
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/evervault/evervault-go/commit/7c824d289bba11ec0bea46a338023f5b128bbb28
    Patch
  • github.com https://github.com/evervault/evervault-go/pull/48
    Issue TrackingPatch