5 matches found
CVE-2025-32797
The Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.1, The writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. This flaw allows attacker...
CVE-2025-32797
creationtimestamp| type| source ---|---|--- 2025-06-16 19:26:55+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114694685602522986 2025-06-16 20:37:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18527 2025-12-17 14:22:27+00:00| seen|...
CVE-2025-32797
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...
CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...
CVE-2025-32797
Conda-build before 25.3.1 creates a temporary build script (conda_build.sh) with overly permissive 0o766 permissions. A local attacker with filesystem access can race between creation and execution to overwrite the script, enabling arbitrary code execution under the victim’s privileges. Fedora an...