Aikido Intel
Secure My Code
Intel

AIKIDO-2025-10905

rustls-pemfile is vulnerable to Use of Unmaintained Third Party Components

Use of Unmaintained Third Party Components Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Dec 9, 2025

50

Medium Risk

This Affects:

rustrustls-pemfile
0.0.0 - *
Are you affected? Scan for Free

TL;DR

The rustls-pemfile crate is no longer maintained and has been archived since August 2025. The maintainer recommends using the built-in PEM parsing functionality provided directly by rustls-pki-types (available since version 1.9.0). Because the latest rustls-pemfile release is already just a thin wrapper around the same parsing code, migrating to rustls-pki-types should be straightforward.

Who does this affect?

You are affected if you are using this package.

Background info

rustls-pemfile is vulnerable to Use of Unmaintained Third Party Components in all versions.

How to fix this

Remove any rustls-pemfile package from your application. Please take a look at the PemObject trait, which provides methods for reading a single or multiple PEM objects from a file or byte slice.

Links

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done