Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-29991

Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.

Published

2025-04-03T03:15:17.947

Last Modified

2025-04-07T14:18:34.453

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 2.2 (LOW)

Weaknesses

Type: Secondary
CWE-1390

Affected Vendors & Products

References

https://www.yubico.com/support/security-advisories/ysa-2025-02/ ([email protected])