VDB
CVE-2025-53945
CVE-2025-53945
PUBLISHED
CVSS 7 HIGH
apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.
EPSS 0.07% · 21.9th percentile
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
EPSS Score
0.07%
21.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chainguard-dev | apko | * |
| chainguard.dev | apko | 0.27.0 |
Exploit Intelligence
- https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw (circl)
- https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9 (circl)
- https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3 (circl)
- https://github.com/chainguard-dev/apko/releases/tag/v0.27.0 (circl)
- https://github.com/chainguard-dev/apko/releases/tag/v0.29.5 (circl)
Timeline
- Jan 21, 1970 Security Advisory
- Jul 18, 2025 CVE Published
- Jul 18, 2025 Coalition ESS Score
- Jul 19, 2025 EPSS Score
- Jul 22, 2025 Coalition ESS Score
- Jul 28, 2025 EPSS Score
- Aug 6, 2025 EPSS Score
- Aug 15, 2025 EPSS Score
- Aug 22, 2025 Coalition ESS Score
- Aug 25, 2025 EPSS Score
- Aug 26, 2025 Coalition ESS Score
- Sep 3, 2025 EPSS Score
References
- https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw url
- https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9 url
- https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3 url
- https://github.com/chainguard-dev/apko/releases/tag/v0.27.0 url
- https://github.com/chainguard-dev/apko/releases/tag/v0.29.5 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-53945 advisory
- https://github.com/chainguard-dev/apko package