Red Hat Security Advisory: gnupg2 security update
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es): * GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
AI Analysis
Technical Summary
CVE-2025-68973 is a vulnerability in GnuPG (gnupg2) that allows information disclosure and potentially arbitrary code execution via an out-of-bounds write. This affects Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions across multiple architectures (x86_64, ppc64le, aarch64, s390x). Red Hat has issued an important security advisory (RHSA-2026:1719) and released updated gnupg2 packages to address this issue. The vulnerability is categorized under CWE-675 (Duplicate Operations on Resource). No CVSS score is provided in the advisory. No known exploits in the wild have been reported.
Potential Impact
The vulnerability could lead to unauthorized disclosure of information and may allow an attacker to execute arbitrary code on affected systems. This poses a significant security risk, especially in environments relying on GnuPG for encryption and digital signatures. The severity is rated as high by the source, indicating a serious impact if exploited. However, no active exploitation has been observed so far.
Mitigation Recommendations
Red Hat has released updated gnupg2 packages that fix this vulnerability. Users of affected Red Hat Enterprise Linux 9.0 variants should apply these official updates promptly. Detailed instructions for applying the update are available in the Red Hat advisory (https://access.redhat.com/articles/11258). Since this is an official fix, applying the update fully mitigates the vulnerability. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: gnupg2 security update
Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es): * GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-68973 is a vulnerability in GnuPG (gnupg2) that allows information disclosure and potentially arbitrary code execution via an out-of-bounds write. This affects Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions across multiple architectures (x86_64, ppc64le, aarch64, s390x). Red Hat has issued an important security advisory (RHSA-2026:1719) and released updated gnupg2 packages to address this issue. The vulnerability is categorized under CWE-675 (Duplicate Operations on Resource). No CVSS score is provided in the advisory. No known exploits in the wild have been reported.
Potential Impact
The vulnerability could lead to unauthorized disclosure of information and may allow an attacker to execute arbitrary code on affected systems. This poses a significant security risk, especially in environments relying on GnuPG for encryption and digital signatures. The severity is rated as high by the source, indicating a serious impact if exploited. However, no active exploitation has been observed so far.
Mitigation Recommendations
Red Hat has released updated gnupg2 packages that fix this vulnerability. Users of affected Red Hat Enterprise Linux 9.0 variants should apply these official updates promptly. Detailed instructions for applying the update are available in the Red Hat advisory (https://access.redhat.com/articles/11258). Since this is an official fix, applying the update fully mitigates the vulnerability. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:1719
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a19feb5e29bf47b500fc38b
Added to database: 5/29/2026, 9:01:41 PM
Last enriched: 5/29/2026, 9:04:41 PM
Last updated: 5/31/2026, 4:59:01 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.