CVE-2020-25265
Description
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AppImage libappimage before 1.0.3 allows overwriting system-installed .desktop files via crafted AppImage files with path components in the Name field.
Vulnerability
AppImage libappimage versions before 1.0.3 contain a flaw where a .desktop file within an AppImage can include a Name= entry with path components (e.g., Name=../../usr/share/applications/nautilus.desktop). When the AppImage is processed by appimaged, the embedded .desktop file is extracted and written to the user's local applications directory, potentially overwriting a system-installed .desktop file. This vulnerability affects all versions of appimaged and libappimage prior to 1.0.3 [1].
Exploitation
An attacker can craft a malicious AppImage file with a valid ELF/AppImage header and embed a .desktop file containing a path traversal in the Name field. The file may also be disguised as a different media type (e.g., an MP3 file) to avoid suspicion, as the AppImage headers can be placed at the beginning of the file without affecting playability. When appimaged scans directories (including user directories like ~/Downloads or ~/Desktop), it detects the ELF/AppImage signature and extracts the embedded .desktop file, writing it to the standard applications directory (e.g., ~/.local/share/applications/). No user interaction is required beyond the file being present in a monitored directory [1].
Impact
Successful exploitation allows an attacker to overwrite or replace a system-installed .desktop file with a malicious one. When the user subsequently launches the associated application (e.g., via GNOME Files/Nautilus), the rogue .desktop file executes the attacker's payload binary instead of the legitimate application. This can lead to arbitrary code execution in the context of the user, potentially compromising user data or system integrity [1].
Mitigation
Update to libappimage version 1.0.3 or later, which contains the fix. The fix was introduced in the official repository and is available via GitHub [1]. No workaround is available for systems running older versions. Users should ensure their package manager offers the updated version or manually compile/install the patched library. This CVE is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- AppImage/libappimagedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
0No linked articles in our index yet.