CVE-2025-13609 Overview
CVE-2025-13609 is a high-severity vulnerability in keylime, a remote boot attestation and runtime integrity measurement tool. An authenticated attacker can register a new agent from a different Trusted Platform Module (TPM) while claiming the unique identifier (UUID) of an agent that is already enrolled. The registrar accepts the request and overwrites the legitimate agent's identity record. From then on the attacker's host answers as the compromised agent and can bypass downstream attestation-based security controls. The flaw is tracked under [CWE-694: Use of Multiple Resources with Duplicate Identifier]. Red Hat has shipped fixes through multiple advisories, from RHSA-2025:23201 through RHSA-2026:0429.
Critical Impact
An attacker with registrar access can hijack an existing keylime agent's identity using an attacker-controlled TPM, defeating remote attestation guarantees and impersonating trusted workloads.
Affected Products
- keylime (upstream project)
- Red Hat Enterprise Linux distributions shipping keylime (see Red Hat advisories RHSA-2025:23201, RHSA-2025:23210, RHSA-2025:23628, RHSA-2025:23735, RHSA-2025:23852, RHSA-2026:0429)
- Environments using keylime for TPM-based remote attestation
Discovery Timeline
- 2025-11-24 - CVE-2025-13609 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-13609
Vulnerability Analysis
Keylime uses a registrar service to track agents by UUID and bind each UUID to a specific TPM endorsement key (EK) and the attestation identity key (AIK) the agent generated. The vulnerability arises because the registrar accepts a re-registration request for an existing UUID without checking that the request comes from the same TPM as the record it is about to replace. The registrar's credential-activation step (an encrypted challenge the agent must decrypt with its TPM) only proves that the presented AIK lives on the TPM that owns the presented EK; it says nothing about whether that EK matches the one previously stored for the UUID. An attacker who can reach the registrar API with whatever access the registration endpoint requires in the deployment can therefore submit a registration from their own TPM while reusing a legitimate agent's UUID.
The registrar overwrites the stored EK and AIK material for that UUID. Subsequent attestation flows then validate quotes against the attacker's TPM rather than the original device, and verifiers trust the impersonated agent because the UUID matches the identity named in tenant policy. This breaks the binding between the hardware root of trust and the logical agent identity that keylime exists to enforce.
Root Cause
The registrar lacks a continuity check that ties a UUID to the TPM it was first registered from. Because duplicate identifiers are handled by last-write-wins [CWE-694], the most recent registration silently replaces prior trust material without any verification that the underlying hardware root of trust is unchanged.
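The check that is missing, shown as an added example that is not keylime's own code. The registrar's agent table is modelled as a dict; `register_vulnerable` reproduces the last-write-wins behaviour described above, while `register_hardened` refuses to re-bind a known UUID to a different endorsement key unless an operator has explicitly approved that pair (the "gate re-registration" and "operator approval" workarounds listed further down). A new AIK under the same EK is still accepted, since an agent can legitimately re-register with a fresh AIK (for example after a reinstall that regenerates the key), and only the EK identifies the hardware. Field names, the `approved_rebinds` allowlist and the PEM placeholders are assumptions for illustration; how the upstream patch implements its check is not claimed here.

```python
import hashlib


def ek_fingerprint(ek_pem: str) -> str:
    """Stable identifier for a TPM endorsement key: SHA-256 over its PEM text."""
    return hashlib.sha256(ek_pem.encode()).hexdigest()


class RegistrarStore:
    """Minimal stand-in for the registrar's agent table (assumed field names)."""

    def __init__(self) -> None:
        self.agents: dict[str, dict] = {}  # uuid -> {"ek", "aik", "ip"}

    def register_vulnerable(self, uuid: str, ek_pem: str, aik_name: str, ip: str) -> str:
        # Pre-fix behaviour as described in the text: an existing entry for the
        # UUID is overwritten, so whoever registers last owns the identity (CWE-694).
        existing = self.agents.get(uuid)
        self.agents[uuid] = {"ek": ek_fingerprint(ek_pem), "aik": aik_name, "ip": ip}
        return "registered" if existing is None else "overwritten"

    def register_hardened(self, uuid: str, ek_pem: str, aik_name: str, ip: str,
                          approved_rebinds: frozenset = frozenset()) -> str:
        """Bind a known UUID to a different EK only if an operator approved (uuid, ek) first.

        A fresh AIK under the *same* EK is accepted: the EK is burned into the TPM
        and is what identifies the hardware, the AIK is a per-enrolment key."""
        fp = ek_fingerprint(ek_pem)
        existing = self.agents.get(uuid)
        if existing is not None and existing["ek"] != fp and (uuid, fp) not in approved_rebinds:
            raise PermissionError(
                f"uuid {uuid} is already bound to another EK; re-enrolment needs operator approval")
        self.agents[uuid] = {"ek": fp, "aik": aik_name, "ip": ip}
        return "registered" if existing is None else "re-registered"


# Constructed sample inputs; the PEM bodies are placeholders, not real keys.
LEGIT_EK = "-----BEGIN PUBLIC KEY-----\nLEGIT-TPM-EK-PLACEHOLDER\n-----END PUBLIC KEY-----"
ROGUE_EK = "-----BEGIN PUBLIC KEY-----\nROGUE-TPM-EK-PLACEHOLDER\n-----END PUBLIC KEY-----"
AGENT_UUID = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"


def demo() -> dict:
    """Run the same hijack attempt against both behaviours and report what happened."""
    # Vulnerable registrar: the rogue TPM takes over the UUID.
    vuln = RegistrarStore()
    vuln.register_vulnerable(AGENT_UUID, LEGIT_EK, "aik-legit", "10.10.1.20")
    vuln.register_vulnerable(AGENT_UUID, ROGUE_EK, "aik-rogue", "10.10.9.99")
    hijacked = vuln.agents[AGENT_UUID]["ek"] == ek_fingerprint(ROGUE_EK)

    # Hardened registrar: same attempt is refused.
    hard = RegistrarStore()
    hard.register_hardened(AGENT_UUID, LEGIT_EK, "aik-legit", "10.10.1.20")
    try:
        hard.register_hardened(AGENT_UUID, ROGUE_EK, "aik-rogue", "10.10.9.99")
        blocked = False
    except PermissionError:
        blocked = True
    still_legit = hard.agents[AGENT_UUID]["ek"] == ek_fingerprint(LEGIT_EK)

    # Legitimate cases that must keep working: same EK with a new AIK, and a
    # documented hardware swap that an operator approved out of band.
    same_ek_new_aik = hard.register_hardened(AGENT_UUID, LEGIT_EK, "aik-legit-2", "10.10.1.20")
    approval = frozenset({(AGENT_UUID, ek_fingerprint(ROGUE_EK))})
    approved = hard.register_hardened(AGENT_UUID, ROGUE_EK, "aik-new", "10.10.1.21", approval)

    return {
        "vulnerable_hijacked": hijacked,
        "hardened_blocked": blocked and still_legit,
        "same_ek_new_aik_allowed": same_ek_new_aik == "re-registered",
        "approved_rebind_allowed": approved == "re-registered",
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The approval set stands in for whatever record your change process produces for a documented re-enrolment; the point is that the registrar, not the caller, decides whether a UUID may move to a new EK.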
Attack Vector
Exploitation requires network access to the keylime registrar and the privileges needed to submit an agent registration. The attacker provisions a system with their own TPM, generates the necessary attestation key material, and registers it under a targeted UUID belonging to a legitimate, already-enrolled agent. After overwrite, the attacker's host responds to attestation challenges and is treated as the legitimate agent by verifiers and tenant policy.
No verified public exploit code is available. For technical details, refer to the GitHub Keylime Issue #1820 and the Red Hat CVE Analysis for CVE-2025-13609.
Detection Methods for CVE-2025-13609
Indicators of Compromise
- Registrar log entries showing re-registration of an existing UUID with a new endorsement key (EK) hash. A changed attestation identity key (AIK) on its own is weaker evidence, because an agent can legitimately re-register with a fresh AIK under the same EK; the EK is the value that identifies the hardware.
- Attestation quotes for a known UUID originating from an unexpected source IP, hostname, or network segment.
- Sudden changes in PCR baseline values for an agent without a corresponding maintenance or patching event.
- Verifier alerts where an agent's measured boot data no longer matches its historical baseline.
Detection Strategies
- Enable verbose registrar logging and ship events to a centralized log store; alert on any registration replacing an existing UUID.
- Maintain an out-of-band inventory of authorized UUID-to-EK mappings and reconcile it against the registrar database on a schedule.
- Cross-reference agent source IP and asset inventory against the UUID claimed during attestation to detect mismatches.
Monitoring Recommendations
- Monitor keylime registrar and verifier API endpoints for unauthenticated or unexpected POST requests to agent registration paths.
- Track changes to the EK certificate hash for each agent and treat any change as a high-severity event pending review.
- Forward keylime, TPM, and host audit logs to a SIEM or data lake for correlation with identity and workload telemetry.
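The first two detection strategies above, worked as an added example that is not part of the page or of keylime: a scan over registrar registration events that alerts when a UUID re-registers with a different EK hash, plus a reconciliation of the latest registration per UUID against an out-of-band inventory of authorised UUID-to-EK mappings and expected source networks. The log lines are constructed in an assumed key=value layout for illustration; keylime's real registrar messages are formatted differently, so the regular expression must be adapted to the messages your version emits (or the same logic run against the registrar database instead of logs).

```python
import re

# Constructed sample registrar events in an assumed key=value layout (not keylime's
# real log format). Lines 1-3 are one agent registering, restarting with a new AIK
# under the same EK, and an unrelated activation message; line 5 is the hijack:
# the same UUID, a different EK, a different source address.
SAMPLE_LOG = """\
2025-11-25T10:01:02Z registrar INFO event=register uuid=d432fbb3-d2f1-4a97-9ef7-75bd81c00000 ek_hash=aaaa1111 aik=aik-01 src=10.10.1.20
2025-11-25T10:01:03Z registrar INFO event=activate uuid=d432fbb3-d2f1-4a97-9ef7-75bd81c00000 src=10.10.1.20
2025-11-25T10:45:10Z registrar INFO event=register uuid=0f5e9b7c-13ab-4c4c-9a5d-2a0c3d4e5f60 ek_hash=bbbb2222 aik=aik-02 src=10.10.1.21
2025-11-26T08:12:33Z registrar INFO event=register uuid=d432fbb3-d2f1-4a97-9ef7-75bd81c00000 ek_hash=aaaa1111 aik=aik-03 src=10.10.1.20
2025-11-26T09:30:00Z registrar INFO event=register uuid=d432fbb3-d2f1-4a97-9ef7-75bd81c00000 ek_hash=cccc3333 aik=aik-04 src=10.10.9.99
"""

# Only registration events carry an EK; activation and other messages are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) registrar \S+ event=register uuid=(?P<uuid>\S+) "
    r"ek_hash=(?P<ek>\S+) aik=(?P<aik>\S+) src=(?P<src>\S+)$"
)

# Constructed out-of-band inventory: uuid -> (authorised EK hash, expected source prefix).
INVENTORY = {
    "d432fbb3-d2f1-4a97-9ef7-75bd81c00000": ("aaaa1111", "10.10.1."),
    "0f5e9b7c-13ab-4c4c-9a5d-2a0c3d4e5f60": ("bbbb2222", "10.10.1."),
}


def parse_registrations(text: str) -> list[dict]:
    """Extract registration events as dicts with ts, uuid, ek, aik, src."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_ek_changes(events: list[dict]) -> list[dict]:
    """Alert when a UUID registers with an EK hash that differs from the one first seen.

    A new AIK under the same EK (a normal agent restart) produces no alert."""
    first_ek: dict[str, str] = {}
    alerts = []
    for e in events:
        prev = first_ek.setdefault(e["uuid"], e["ek"])
        if e["ek"] != prev:
            alerts.append({"ts": e["ts"], "uuid": e["uuid"], "old_ek": prev,
                           "new_ek": e["ek"], "src": e["src"]})
    return alerts


def reconcile_inventory(events: list[dict], inventory: dict) -> list[tuple[str, str]]:
    """Compare the latest registration per UUID against the authorised inventory."""
    latest: dict[str, dict] = {}
    for e in events:          # later events overwrite earlier ones, so the last wins
        latest[e["uuid"]] = e
    findings = []
    for uuid, e in latest.items():
        if uuid not in inventory:
            findings.append((uuid, "unknown uuid"))
            continue
        ek, prefix = inventory[uuid]
        if e["ek"] != ek:
            findings.append((uuid, "ek mismatch"))
        if not e["src"].startswith(prefix):
            findings.append((uuid, "unexpected source"))
    return findings


if __name__ == "__main__":
    evs = parse_registrations(SAMPLE_LOG)
    for a in find_ek_changes(evs):
        print(f"ALERT {a['ts']} uuid={a['uuid']} ek {a['old_ek']} -> {a['new_ek']} from {a['src']}")
    for uuid, why in reconcile_inventory(evs, INVENTORY):
        print(f"RECONCILE {uuid}: {why}")
```

Running the scan on the sample yields one EK-change alert (the 09:30 registration from 10.10.9.99) and two reconciliation findings for the same UUID; the restart with a new AIK at 08:12 is correctly silent. Alerting on the EK rather than the AIK is what keeps the signal usable on a fleet where agents restart routinely.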
How to Mitigate CVE-2025-13609
Immediate Actions Required
- Apply the keylime updates referenced in Red Hat Security Advisory RHSA-2025:23201 and the related advisories for your distribution.
- Restrict network access to the keylime registrar API to trusted management networks and authorized operators only.
- Audit the current registrar database for UUID collisions or EK changes that cannot be tied to a documented re-enrollment event.
- Re-enroll affected agents from a known-good baseline after patching.
Patch Information
Red Hat has released fixes through the following errata: RHSA-2025:23201, RHSA-2025:23210, RHSA-2025:23628, RHSA-2025:23735, RHSA-2025:23852, and RHSA-2026:0429. Upstream tracking is available in GitHub Keylime Issue #1820 and Red Hat Bug Report #2416761.
Workarounds
- Place the registrar behind a network segment accessible only to enrollment workflows; block lateral access from general workloads.
- Require mutual TLS authentication with tightly scoped client certificates for any registrar interaction.
- Disable or tightly gate re-registration of existing UUIDs until patched packages are deployed across the fleet.
- Implement procedural controls that require explicit operator approval before any UUID is re-bound to a new TPM EK.
# Configuration example: bind the registrar to a management interface only
# /etc/keylime/registrar.conf (option names follow the upstream template;
# confirm them against the registrar.conf shipped with your package)
[registrar]
ip = 10.10.0.5                        # management address, never 0.0.0.0
port = 8890                           # plain HTTP port agents register on; it does not
                                      # authenticate callers, so firewall it to the enrollment network
tls_port = 8891                       # TLS port used by the verifier and tenant
tls_dir = /var/lib/keylime/cv_ca      # CA directory whose trusted client CA gates the TLS port
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

