Critical severityOSV Advisory· Published Mar 4, 2025· Updated Apr 15, 2026
CVE-2025-27510
CVE-2025-27510
Description
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20.1.0, 0.2.0, 0.3.0, …+ 1 more
- (no CPE)range: 0.1.0, 0.2.0, 0.3.0, …
- (no CPE)
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.