CVE-2025-29991 - Yubico YubiKey FIDO CTAP PIN/UV Auth Protocol Two Signature Verification Vulnerability

CVE ID : CVE-2025-29991
Published : April 3, 2025, 3:15 a.m. | 1 hour, 39 minutes ago
Description : Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...