CVE-2025-32784
Conda-forge-webservices (versions prior to 2025.4.10) is vulnerable to an unauthorized artifact modification race condition (TOCTOU). The issue arises from a lack of atomicity between hash validation and the artifact copy, allowing an attacker with cf-staging access to overwrite a verified artifa...