Lucene search
+L

7 matches found

Chainguard
Chainguard
•added 2025/07/30 1:17 p.m.•15 views

CVE-2025-54059 vulnerabilities

Vulnerabilities for packages: cg...

4.4CVSS6.6AI score0.00125EPSS
Exploits0
SUSE CVE
SUSE CVE
•added 2025/07/19 11:21 p.m.•7 views

SUSE CVE-2025-54059

melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...

4.4CVSS6.8AI score0.00125EPSS
Exploits0References3
NVD
NVD
•added 2025/07/18 4:15 p.m.•28 views

CVE-2025-54059

melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...

4.4CVSS0.00125EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2025/07/18 3:40 p.m.•7 views

CVE-2025-54059 melange creates SBOM files in APKs with world-writable permissions

melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...

4.4CVSS7.1AI score0.00125EPSS
Exploits0References7
CVE
CVE
•added 2025/07/18 3:40 p.m.•116 views

CVE-2025-54059

Summary of CVE-2025-54059 (melange) The vulnerability concerns melange creating SBOM files inside APKs with world-writable permissions (mode 666) during build pipelines. It affects versions from 0.23.0 up to, but not including, 0.29.5. This state could allow an unprivileged user to tamper with SB...

4.4CVSS6.5AI score0.00125EPSS
Exploits0References7
Cvelist
Cvelist
•added 2025/07/18 3:40 p.m.•35 views

CVE-2025-54059 melange creates SBOM files in APKs with world-writable permissions

melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...

4.4CVSS0.00125EPSS
Exploits0References7
OSV
OSV
•added 2025/07/18 3:40 p.m.•11 views

CVE-2025-54059 melange creates SBOM files in APKs with world-writable permissions

melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...

4.4CVSS6.4AI score0.00125EPSS
Exploits0References9
Rows per page
Query Builder