CVE-2025-8454

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.debian.org/1109251", "name": "https://bugs.debian.org/1109251", "tags": ["Issue Tracking", "Mailing List"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-8454", "ASSIGNER": "security@debian.org"}}, "impact": {}, "publishedDate": "2025-08-01T06:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:debian:devscripts:2.25.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-06T16:17Z"}