Skip to main content

Ubuntu CVE-2025-64750

| EUVDEUVD-2025-200289 MEDIUM
UNIX Symbolic Link (Symlink) Following (CWE-61)
2025-12-02 security-advisories@github.com GHSA-wwrx-w7c9-rf87
4.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.5 MEDIUM
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 14:04 euvd
EUVD-2025-200289
Analysis Generated
Mar 15, 2026 - 14:04 vuln.today
CVE Published
Dec 02, 2025 - 18:15 nvd
MEDIUM 4.5

DescriptionGitHub Advisory

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so that it is ineffective. The attacker must cause the user to run a malicious container image that redirects the mount of /proc to the destination of a shared mount, either known to be configured on the target system, or that will be specified by the user when running the container. The attacker must also control the content of the shared mount, for example through another malicious container which also binds it, or as a user with relevant permissions on the host system it is bound from. This vulnerability is fixed in SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5.

AnalysisAI

A remote code execution vulnerability (CVSS 4.5). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

Vulnerability type: remote code execution.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

Ubuntu

Priority: Medium
singularity-container
Release Status Version
bionic needs-triage -
jammy DNE -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
plucky ignored end of life, was needs-triage

Debian

Bug #1121843
singularity-container
Release Status Fixed Version Urgency
sid vulnerable 4.1.5+ds4-1 -
(unstable) fixed (unfixed) -

SUSE

Severity: Medium

Share

CVE-2025-64750 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy