CNNVD-202507-2443 Information

CNNVD ID

CNNVD-202507-2443

CVE-2025-53945

  • CNNVD Published: 2025-07-18

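Description (Chinese, translated)

apko is an open-source, apk-based OCI image builder from apko. apko versions from 0.27.0 up to, but not including, 0.29.5 contain a security vulnerability that stems from improperly set file permissions and may lead to privilege escalation.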

Description (English)

apko is an apk-based OCI image builder. apko versions from 0.27.0 up to, but not including, 0.29.5 contain a security vulnerability that stems from improperly set file permissions and could lead to privilege escalation.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

apko

Published

2025-07-18

Last Modified

2026-02-24

References

  • https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9
  • https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3
  • https://github.com/chainguard-dev/apko/releases/tag/v0.27.0
  • https://github.com/chainguard-dev/apko/releases/tag/v0.29.5
  • https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw
  • https://access.redhat.com/security/cve/cve-2025-53945

Patch

https://github.com/chainguard-dev/apko/releases
