CVE-2025-13609 is a vulnerability identified in the Keylime project, an open-source remote attestation framework that leverages Trusted Platform Module (TPM) devices to verify the integrity and trustworthiness of agents (endpoints). The flaw stems from the system allowing multiple resources to be registered with duplicate unique identifiers (UUIDs). Specifically, an attacker with network access and high privileges can register a new agent using a different TPM device but claim the UUID of an existing legitimate agent. This action overwrites the legitimate agent's identity in the system, effectively enabling the attacker to impersonate the compromised agent. Such impersonation can lead to bypassing security controls that rely on agent identity for trust decisions. The vulnerability has a CVSS 3.1 score of 8.2, indicating high severity, with the vector indicating network attack vector, low attack complexity, requiring high privileges, no user interaction, and a scope change. The impact primarily affects integrity and availability, with some confidentiality impact due to potential unauthorized access. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly. The root cause is insufficient validation and enforcement of unique UUID constraints during agent registration, allowing identity overwriting. This undermines the fundamental trust model of Keylime, which depends on unique TPM-backed agent identities for secure attestation and remote trust verification.

The vulnerability allows attackers to impersonate legitimate agents by overwriting their identities, which can lead to unauthorized access to sensitive systems and data. This undermines the integrity of the attestation process, potentially allowing malicious agents to bypass security controls that rely on TPM-backed identity verification. Organizations using Keylime for critical infrastructure protection, cloud environments, or distributed systems relying on remote attestation may experience compromised system integrity and availability. Attackers could disrupt operations by causing denial of service to legitimate agents or manipulate system states by masquerading as trusted entities. The confidentiality of sensitive information may also be at risk if attackers gain unauthorized access through impersonation. Given the network attack vector and low complexity, exploitation is feasible in environments where attackers have high privileges, increasing the risk in multi-tenant or cloud scenarios. The scope change indicates that the vulnerability affects components beyond the initially compromised agent, potentially impacting the broader system trust model.

To mitigate this vulnerability, organizations should implement strict validation mechanisms during agent registration to ensure UUID uniqueness and prevent overwriting existing agent identities. Keylime developers should release patches that enforce these constraints and add integrity checks to detect duplicate registrations. Network segmentation and strict access controls should limit which users or systems can register or modify agents, reducing the risk of privilege escalation. Monitoring and alerting on unusual agent registration activities can help detect exploitation attempts early. Employing multi-factor authentication and role-based access control for administrative functions will reduce the likelihood of attackers gaining the required high privileges. Additionally, organizations should conduct regular audits of agent identities and TPM device mappings to identify inconsistencies. Until patches are available, consider restricting agent registration functionality or isolating Keylime components in trusted network zones. Finally, updating Keylime to the latest secure versions and following vendor advisories is critical once fixes are released.