Home > Vulnerability Database > CVE-2025-60892

Mend.io Vulnerability Database

CVE-2025-60892

Good to know:

Date: November 2, 2025

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to login to the device.

Severity Score

6.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-60892

Url: https://github.com/raspberrypi/rpi-imager/issues/1185

Url: https://www.mend.io/vulnerability-database/CVE-2025-60892

Severity Score

6.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version https://github.com/raspberrypi/rpi-imager.git - v2.0.0-rc3

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-60892

Good to know:

Date: November 2, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?