CVE-2025-60892: n/a
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to login to the device.
AI Analysis
Technical Summary
CVE-2025-60892 is a logic flaw in Raspberry Pi Imager 1.9.6 for Windows, in the OS customization feature that pre-provisions SSH public-key authentication. When the user picks the 'public-key authentication' option, the imager pre-populates the key list with the public key found on the imaging workstation (the user's id_rsa.pub) and lets the user edit the list, for example to replace that key with a dedicated deployment key. The bug is that a key removed in the user interface is still written into the authorized_keys file on the resulting image: the imager silently re-adds the workstation's id_rsa.pub alongside whatever keys the user kept. The device therefore accepts a key the operator believes was never installed, and nothing in the imager shows this. Whoever holds the matching private key (the id_rsa on the imaging workstation, or anyone who has copied it, or the owner of a stale or shared key that happened to live there) can log in over SSH. No prior access to the Raspberry Pi is needed; the attacker only needs that private key and network reachability to the device. No CVSS score has been assigned and no exploitation in the wild has been reported. The flaw affects confidentiality and integrity of the device, since an unexpected SSH login gives a shell from which further compromise of the device and of the network it sits on is possible. The advisory names only version 1.9.6 on Windows; whether other versions or platforms behave the same way is not stated. No fix has been linked at the time of writing, so users should treat authorized_keys on every device imaged with this version as untrusted until checked. The issue matters most where Raspberry Pi devices are provisioned in bulk with customized images, such as classrooms, industrial IoT deployments and development labs, because a single imaging workstation's key then ends up authorized on every device it produced.
Potential Impact
For European organizations, the exposure is to the confidentiality and integrity of every Raspberry Pi provisioned with the affected imager version. A login with the unintended key yields an interactive shell as the provisioned user, from which an attacker can run commands, install malware, or pivot into the surrounding network, putting sensitive data and operational technology at risk. Organizations using Raspberry Pi in critical infrastructure, research, or industrial automation may face disruption or data breaches. The risk is highest where the Windows workstation used for imaging is shared, where its private key has been copied between machines, or where devices are reachable over SSH from untrusted networks. Availability is not affected by the flaw itself, but an attacker with shell access can misconfigure or disable the device. The absence of known exploits lowers immediate risk but does not remove it: the "exploit" is simply an SSH login with a key that should not be there, so any compromise of an imaging workstation's key becomes a compromise of the fleet it imaged. Organizations relying on Raspberry Pi for prototyping, IoT deployments, or education should inventory devices imaged with version 1.9.6 on Windows and check which keys they actually trust.
Mitigation Recommendations
1. Do not use Raspberry Pi Imager 1.9.6 on Windows for OS customization until a fixed release is available.
2. After imaging, before the device goes into service, inspect ~/.ssh/authorized_keys for the provisioned user and remove every key that is not the intended deployment key. The key to look for is the imaging workstation's ~/.ssh/id_rsa.pub; its fingerprint can be taken on the workstation with `ssh-keygen -lf %USERPROFILE%\.ssh\id_rsa.pub` and compared with `ssh-keygen -lf ~/.ssh/authorized_keys` on the Pi.
3. Where feasible, image from Linux or macOS, or with a tool that does not exhibit this behavior, and verify the result the same way rather than assuming it is clean.
4. Restrict imaging workstations to trusted personnel, protect them with strong authentication and endpoint protection, and treat the private key on such a workstation as a fleet credential: rotate it if the workstation is shared or suspected compromised.
5. Log and alert on SSH logins to Raspberry Pi devices, including the key fingerprint used (sshd logs it at the default LogLevel), and segment the devices' network to limit lateral movement.
6. Watch for announcements and updated imager releases from Raspberry Pi, the imager's publisher, and re-image or clean affected devices once a fix is confirmed.
7. Train users on SSH key hygiene and on verifying authorized_keys after provisioning, since the imager's own UI does not reveal the problem.
8. If a device must be reachable before it can be audited, keep SSH disabled or firewalled from untrusted networks until authorized_keys has been verified; do not fall back to password authentication as a substitute for key checks.
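The following script is an added example, not part of this advisory or of the Raspberry Pi Imager project. It implements the check in recommendation 2: parse an authorized_keys file, compute each key's SHA256 fingerprint the way `ssh-keygen -lf` does (SHA-256 over the decoded key blob, base64 without padding), flag every key whose fingerprint is not on an allowlist of intended deployment keys, and produce a cleaned file. The sample authorized_keys content and the two public keys in it are constructed for the example (the key material is dummy bytes, so the keys are not usable for SSH); the allowlist would in practice hold the fingerprint of the real deployment key. The same `fingerprint` function applied to the imaging workstation's id_rsa.pub gives the fingerprint to watch for.

```python
"""Audit a Raspberry Pi authorized_keys file against an allowlist of
intended keys and flag anything else, such as an id_rsa.pub that the
imager re-added after the user removed it from the UI.

Example code added for illustration; not from the advisory or the
Raspberry Pi Imager project."""
from __future__ import annotations

import base64
import hashlib
import struct
from typing import NamedTuple


class PubKey(NamedTuple):
    keytype: str
    fingerprint: str   # OpenSSH style: "SHA256:<base64 without padding>"
    comment: str
    line: str          # original authorized_keys line, for the clean-up


def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint as printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> list[PubKey]:
    keys: list[PubKey] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # A line may begin with options ("no-pty,from=..."); the key type is
        # the first field that looks like one. Options containing spaces
        # inside quotes are not handled by this simple split.
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(fields):
            raise ValueError(f"unparseable authorized_keys line: {line!r}")
        keytype, blob = fields[idx], fields[idx + 1]
        comment = " ".join(fields[idx + 2:])
        # The wire-format blob starts with the type string; cross-check it.
        decoded = base64.b64decode(blob)
        (n,) = struct.unpack(">I", decoded[:4])
        if decoded[4:4 + n].decode() != keytype:
            raise ValueError(f"key type mismatch on line: {line!r}")
        keys.append(PubKey(keytype, fingerprint(blob), comment, line))
    return keys


def audit(text: str, allowed: set[str]) -> tuple[list[PubKey], list[str]]:
    """Return (unexpected, missing): keys present but not on the allowlist,
    and allowlisted fingerprints that are absent from the file."""
    keys = parse_authorized_keys(text)
    present = {k.fingerprint for k in keys}
    unexpected = [k for k in keys if k.fingerprint not in allowed]
    missing = sorted(allowed - present)
    return unexpected, missing


def clean(text: str, allowed: set[str]) -> str:
    """authorized_keys content with only allowlisted keys retained."""
    keep = [k.line for k in parse_authorized_keys(text)
            if k.fingerprint in allowed]
    return "\n".join(keep) + "\n"


# --- constructed sample data (dummy key material, not real SSH keys) ---
def fake_pubkey_line(keytype: str, material: bytes, comment: str) -> str:
    """Build a syntactically valid public-key line: the blob carries the type
    string followed by one string of dummy material, so fingerprints are
    genuine SHA256 values over the blob but the keys cannot be used."""
    blob = (struct.pack(">I", len(keytype)) + keytype.encode()
            + struct.pack(">I", len(material)) + material)
    return f"{keytype} {base64.b64encode(blob).decode()} {comment}"


INTENDED = fake_pubkey_line("ssh-ed25519", b"\x01" * 32, "deploy@ops")
STRAY = fake_pubkey_line("ssh-rsa", b"\x02" * 64, "alice@imaging-pc")
SAMPLE_AUTHORIZED_KEYS = ("# written by first-boot customisation\n"
                          + INTENDED + "\n" + STRAY + "\n")

# Allowlist: fingerprint of the one key that should be on the device.
ALLOWED = {fingerprint(INTENDED.split()[1])}


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_AUTHORIZED_KEYS, ALLOWED)
    for k in unexpected:
        print(f"UNEXPECTED {k.keytype} {k.fingerprint} {k.comment}")
    for fp in missing:
        print(f"MISSING {fp}")
    print("--- cleaned authorized_keys ---")
    print(clean(SAMPLE_AUTHORIZED_KEYS, ALLOWED), end="")
```

Run against a real device by replacing SAMPLE_AUTHORIZED_KEYS with the contents of the provisioned user's ~/.ssh/authorized_keys and ALLOWED with the fingerprints reported by `ssh-keygen -lf` on the intended deployment keys; any UNEXPECTED line is a key the imager added that the operator did not ask for.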
Affected Countries
United Kingdom, Germany, Netherlands, France, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- CVSS Version: null (no score assigned)
- State: PUBLISHED
Threat ID: 6908c45e69f0cf13c9156063
Added to database: 11/3/2025, 3:03:58 PM
Last enriched: 11/3/2025, 3:18:45 PM
Last updated: 11/3/2025, 7:06:39 PM