CVE-2025-54059 melange creates SBOM files in APKs with world-writable permissions
melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...
CVE-2025-54059
Summary of CVE-2025-54059 (melange)
The vulnerability concerns melange creating SBOM files inside APKs with world-writable permissions (mode 666) during build pipelines. It affects versions from 0.23.0 up to, but not including, 0.29.5. This state could allow an unprivileged user to tamper with SB...