Moderate severity · NVD Advisory · Published Jun 18, 2025 · Updated Jun 18, 2025

Arbitrary File write in OSV-SCALIBR

CVE-2025-5981

Description

A path traversal vulnerability in OSV-SCALIBR's unpack() function for container images allows arbitrary file write on the host system as the OSV-SCALIBR user. The exposure applies particularly when the CLI flag --remote-image is used on untrusted container images.
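The containment check that this class of bug calls for, as an added Go example. It is not OSV-SCALIBR's code or its patch, and the advisory does not show how unpack() is implemented. The names safeJoin, escapingEntries and sampleLayer, the destination /tmp/unpack and the two tar entries are assumptions constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeJoin maps a tar entry name to a path under root, or fails if it escapes.
func safeJoin(root, name string) (string, error) {
	root = filepath.Clean(root)
	p := filepath.Join(root, name) // Join resolves "." and ".." segments lexically
	if p != root && !strings.HasPrefix(p, root+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, root)
	}
	return p, nil
}

// escapingEntries lists the entries of a layer tarball that would land outside root.
func escapingEntries(layer io.Reader, root string) (bad []string, _ error) {
	tr := tar.NewReader(layer)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return bad, err
		}
		if _, err := safeJoin(root, hdr.Name); err != nil {
			bad = append(bad, hdr.Name)
		}
	}
	return bad, nil
}

// sampleLayer builds a constructed two-entry layer: one benign, one traversing.
func sampleLayer() *bytes.Buffer {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{"etc/os-release", "../../outside.txt"} {
		tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: 2, Typeflag: tar.TypeReg})
		tw.Write([]byte("ok"))
	}
	tw.Close()
	return &buf
}

func main() {
	fmt.Println(escapingEntries(sampleLayer(), "/tmp/unpack"))
}
```

The check is lexical and covers entry names only; symlink and hardlink entries need their link targets validated separately before anything is written through them.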


Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/google/osv-scalibr (Go)
Affected versions: >= 0.1.3, < 0.2.1
Patched versions: 0.2.1
