CVE Daily

CVE-2025-5981

Arbitrary file write as the OSV-SCALIBR user on the host system via a path trave...

Medium CVSS 6.5

Overview

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

CWE: CWE-427 Published: 2025-06-18T09:15:47.660
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.5 (MEDIUM)
  • Detected tags: arb_write, path (tag impact: MODERATE)

Recommended actions:

  • Canonicalize path; block `..` traversal; use allowlists.

Recommended tools

Tags