CNNVD-202511-1547 Information

CNNVD ID

CNNVD-202511-1547

CVE-2025-64726

  • CNNVD Published: 2025-11-13

Description

Socket Firewall is firewall software open-sourced by Socket. Versions of Socket Firewall before 0.15.5 contain a code issue vulnerability: when the tool is run in an untrusted project directory, arbitrary code may be executed, which could lead to a bypass of malicious package detection.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Socket

Published

2025-11-13

Last Modified

2026-02-24

References

  • https://github.com/SocketDev/firewall-release/security/advisories/GHSA-6c5p-vqrh-h6fp
  • https://bsky.app/profile/evilpacket.net/post/3m4iylwxtns2t
  • https://access.redhat.com/security/cve/cve-2025-64726

Patch

https://github.com/SocketDev/firewall-release
