CVE-2025-25204: `gh attestation verify` returns incorrect exit code during verification if no attestations are present

A bug in GitHub’s Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type <value> or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact has an attestation with a predicate type different from the one provided in the command. As a result, users relying solely on these exit codes may mistakenly believe the attestation has been verified, despite the absence of an attestation with the specified predicate type and the tool printing a verification failure.

Users are advised to update gh to version v2.67.0 as soon as possible.

Initial report: https://github.com/cli/cli/issues/10418 Fix: https://github.com/cli/cli/pull/10421