Primary

Context

Keylime Identity Takeover Vulnerability via Duplicate UUID Registration

Vulnerability

A vulnerability in Keylime allows an attacker to take over an existing agent's identity by registering a new agent with a duplicate UUID, using a different Trusted Platform Module (TPM) device. This action overwrites the identity of the legitimate agent, enabling impersonation and potential bypass of security controls.

Impact

Exploitation of this vulnerability allows for identity takeover of an existing agent, enabling impersonation and potential bypass of security controls associated with that agent.

Reproduction

To reproduce this vulnerability, register a new agent with a different TPM device and EK certificate, but use the UUID of an existing agent. This will overwrite the identity of the original agent, allowing the attacker to impersonate it.

Added: Nov 24, 2025, 6:18 PM

Updated: Nov 24, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.3

remediation

0.0

relevance

1.1

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.3

remediation

0.0

relevance

1.1

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Keylime Identity Takeover Vulnerability via Duplicate UUID Registration

Vulnerability

Impact

Reproduction

Affected Products

Red Hat Keylime

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating