CNNVD-202511-716 Information

Nov 07, 2025 cve

CNNVD ID

CNNVD-202511-716

CVE-2025-64343

CNNVD Published: 2025-11-07

Description (Chinese)

Conda Constructor是Conda开源的一个从conda包创建安装程序的工具。 Conda Constructor 3.12.2及之前版本存在安全漏洞，该漏洞源于安装目录继承父目录权限，可能导致本地攻击者进行修改操作。

Description (English)

Conda Constructor is a tool for creating an installation from the conda package, an open source of Conda. There is a security loophole in Conda Contractor 3.12.2 and earlier versions, which stems from the installation of a directory to inherit parent directory privileges, which may lead to modifications by local attackers.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Conda

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/conda/constructor/commit/c368383710a7c2b81ad1b0ecb9724b38d3577447 https://github.com/conda/constructor/releases/tag/3.13.0 https://github.com/conda/constructor/security/advisories/GHSA-vvpr-2qg4-2mrq https://access.redhat.com/security/cve/cve-2025-64343

Share on: