Moderate severity · NVD Advisory · Published Jun 18, 2025 · Updated Jun 18, 2025
Arbitrary File write in OSV-SCALIBR
CVE-2025-5981
Description
A path traversal vulnerability in OSV-SCALIBR's unpack() function for container images allows arbitrary file writes on the host system as the OSV-SCALIBR user. This applies particularly when the CLI flag --remote-image is used on untrusted container images.
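An added example (not OSV-SCALIBR's code or its patch): the kind of check a container-layer unpacker needs so that tar entry names cannot resolve outside the destination directory. The function names, the `/srv/unpack` root and the sample layer are constructed for illustration; symlink and hard-link entries need their own target checks and are not covered here.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeTarget resolves a tar entry name under root and rejects names that escape it.
func safeTarget(root, name string) (string, error) {
	target := filepath.Join(root, name) // Join cleans "..", so compare against root afterwards
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, root)
	}
	return target, nil
}

// rejectedEntries scans a layer tarball and lists the entries an unpacker must refuse to write.
func rejectedEntries(layer []byte, root string) (bad []string, err error) {
	tr := tar.NewReader(bytes.NewReader(layer))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		} else if err != nil {
			return bad, err
		}
		if _, err := safeTarget(root, hdr.Name); err != nil {
			bad = append(bad, hdr.Name)
		}
	}
}

// sampleLayer builds a constructed in-memory layer: two benign names and one traversal name.
func sampleLayer() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{"etc/os-release", "../../outside.txt", "usr/../etc/hosts"} {
		tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: 2, Typeflag: tar.TypeReg})
		tw.Write([]byte("x\n"))
	}
	tw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(rejectedEntries(sampleLayer(), "/srv/unpack")) }
```

Only the entry whose cleaned path lands outside the root is rejected; `usr/../etc/hosts` stays inside it and is allowed.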
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/google/osv-scalibr (Go) | >= 0.1.3, < 0.2.1 | 0.2.1 |
Affected products
- ghsa-coords (2 versions): pkg:golang/github.com/google/osv-scalibr, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed; range: >= 0.1.3, < 0.2.1 (+ 1 more)
- (no CPE) range: >= 0.1.3, < 0.2.1
- (no CPE) range: < 0.0.20250730T213748-1.1
- Range: 0.1.3