CVE-2025-32799

| EUVD-2025-18459 CRITICAL
2025-06-16 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18459
Patch Released
Mar 14, 2026 - 21:59 nvd
Patch available
PoC Detected
Jul 02, 2025 - 18:12 vuln.today
Public exploit code
CVE Published
Jun 16, 2025 - 21:15 nvd
CRITICAL 9.8

Tags

RCE Privilege Escalation Path Traversal Conda Build

Description

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted. This issue has been patched in version 25.4.0.

Analysis

Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.

Technical Context

Conda-build is a packaging tool used to construct conda packages from source code. The vulnerability exists in the tar archive extraction processing logic, which fails to properly sanitize or validate tar entry paths before extraction. This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal') vulnerability, also known as a Tarslip attack. Affected CPE: cpe:2.3:a:anaconda:conda-build:*:*:*:*:*:*:*:* (versions < 25.4.0). The root cause stems from inadequate input validation on tar entry names containing sequences like '../' or absolute paths, which when processed by tar extraction functions without sanitization, write files to unintended locations in the filesystem hierarchy.

Affected Products

Anaconda conda-build (< 25.4.0)

Remediation

- action: immediate_patch; details: Upgrade conda-build to version 25.4.0 or later immediately. Execute: 'conda install conda-build=25.4.0' or 'pip install --upgrade conda-build>=25.4.0'. - action: temporary_mitigation; details: Until patched, restrict tar archive processing to trusted sources only. Implement air-gapped or network-isolated build environments. Disable automatic package fetching and require manual, source-verified tar archives. - action: validation; details: After upgrading, verify patch installation with 'conda-build --version' and confirm version output is >= 25.4.0. Re-run any previously built packages to ensure no compromised artifacts were generated. - action: monitoring; details: Monitor conda-build processes for unusual file write patterns outside build directories. Use file integrity monitoring (e.g., aide, osquery) on critical system directories (/etc, /usr/bin, /opt, /home) during build operations.

Priority Score

70
Low Medium High Critical
KEV: 0
EPSS: +0.8
CVSS: +49
POC: +20

Share

CVE-2025-32799 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy