CVE-2025-5981 - Vulnerability Details - OpenCVE

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59
https://github.com/google/osv-scalibr/releases/tag/v0.1.8

History

Wed, 18 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Jun 2025 08:45:00 +0000

Type	Values Removed	Values Added
Description		Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.
Title		Arbitrary File write in OSV-SCALIBR
Weaknesses		CWE-427
References		https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59 https://github.com/google/osv-scalibr/releases/tag/v0.1.8
Metrics		cvssV4_0 `{'score': 5.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2025-06-18T08:28:02.899Z

Updated: 2025-06-18T13:42:49.567Z

Reserved: 2025-06-10T12:31:04.353Z

Link: CVE-2025-5981

Vulnrichment

Updated: 2025-06-18T13:42:43.144Z

NVD

Status : Awaiting Analysis

Published: 2025-06-18T09:15:47.660

Modified: 2025-06-18T13:46:52.973

Link: CVE-2025-5981

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5981", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2025-06-10T12:31:04.353Z", "datePublished": "2025-06-18T08:28:02.899Z", "dateUpdated": "2025-06-18T13:42:49.567Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/google/osv-scalibr", "defaultStatus": "unaffected", "packageName": "osv-scalibr", "product": "osv-scalibr", "programFiles": ["artifact/image/layerscanning/image/image.go"], "vendor": "Google", "versions": [{"lessThan": "0.1.8", "status": "affected", "version": "0.1.3", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Anthony Weems of Google's Cloud Vulnerability Research team"}, {"lang": "en", "type": "finder", "value": "Simon Scannell of Google's Cloud Vulnerability Research team"}, {"lang": "en", "type": "finder", "value": "Stefan Schiller of Google's Cloud Vulnerability Research team"}], "datePublic": "2025-04-24T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's </span><code>unpack()</code><span style=\"background-color: rgb(255, 255, 255);\"> function for container images. Particularly, when using the CLI flag </span><code>--remote-image</code><span style=\"background-color: rgb(255, 255, 255);\"> on untrusted container images.</span><br>"}], "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-06-18T08:28:02.899Z"}, "references": [{"url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"}, {"url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary File write in OSV-SCALIBR", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-18T13:42:36.658295Z", "id": "CVE-2025-5981", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T13:42:49.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-18T13:42:36.658295Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T13:42:43.144Z"}}], "cna": {"title": "Arbitrary File write in OSV-SCALIBR", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Anthony Weems of Google's Cloud Vulnerability Research team"}, {"lang": "en", "type": "finder", "value": "Simon Scannell of Google's Cloud Vulnerability Research team"}, {"lang": "en", "type": "finder", "value": "Stefan Schiller of Google's Cloud Vulnerability Research team"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Google", "product": "osv-scalibr", "versions": [{"status": "affected", "version": "0.1.3", "lessThan": "0.1.8", "versionType": "semver"}], "packageName": "osv-scalibr", "programFiles": ["artifact/image/layerscanning/image/image.go"], "collectionURL": "https://github.com/google/osv-scalibr", "defaultStatus": "unaffected"}], "datePublic": "2025-04-24T22:00:00.000Z", "references": [{"url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"}, {"url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's </span><code>unpack()</code><span style=\"background-color: rgb(255, 255, 255);\"> function for container images. Particularly, when using the CLI flag </span><code>--remote-image</code><span style=\"background-color: rgb(255, 255, 255);\"> on untrusted container images.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-06-18T08:28:02.899Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5981", "state": "PUBLISHED", "dateUpdated": "2025-06-18T13:42:49.567Z", "dateReserved": "2025-06-10T12:31:04.353Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2025-06-18T08:28:02.899Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images."}], "id": "CVE-2025-5981", "lastModified": "2025-06-18T13:46:52.973", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2025-06-18T09:15:47.660", "references": [{"source": "cve-coordination@google.com", "url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"}, {"source": "cve-coordination@google.com", "url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}