Skip to main content

Ubuntu CVE-2025-65105

| EUVDEUVD-2025-200292 MEDIUM
UNIX Symbolic Link (Symlink) Following (CWE-61)
2025-12-02 security-advisories@github.com GHSA-j3rw-fx6g-q46j
4.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.5 MEDIUM
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 14:04 euvd
EUVD-2025-200292
Analysis Generated
Mar 15, 2026 - 14:04 vuln.today
Patch released
Mar 15, 2026 - 14:04 nvd
Patch available
CVE Published
Dec 02, 2025 - 18:15 nvd
MEDIUM 4.5

DescriptionGitHub Advisory

Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label> which otherwise put restrictions on operations that containers can do. The --security option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5.

AnalysisAI

A remote code execution vulnerability in Apptainer (CVSS 4.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Technical ContextAI

Vulnerability type: remote code execution. Affects Apptainer.

RemediationAI

Apply the vendor-supplied patch immediately.

Vendor StatusVendor

Ubuntu

Priority: Medium
apptainer
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing needs-triage -
upstream needs-triage -

Debian

Bug #1121844
apptainer
Release Status Fixed Version Urgency
forky fixed 1.4.5-1 -
sid fixed 1.4.5-2 -
(unstable) fixed 1.4.5-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for HPC 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP6-LTSS Fixed
openSUSE Leap 15.6 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-65105 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy