VDB
GO-2025-3816
GO-2025-3816
PUBLISHED
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chainguard.dev | apko | 0.27.0, 0.27.0 |
Timeline
- Jul 29, 2025 CVE Published
- Feb 4, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-53945 advisory
- https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9 fix
- https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3 fix
- https://github.com/chainguard-dev/apko/releases/tag/v0.29.5 fix