apko has incorrect permission (0666) in /etc/ld.so.cache and other files

7 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

Description

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.

Basic Information

ID CVE-2025-53945

Source GitHub_M

Published Jul 18, 2025 at 15:35

Modified Jul 22, 2025 at 15:03

Affected Product

Vendor chainguard-dev

Product apko

Version >= 0.27.0, < 0.29.5

Affected Versions chainguard-dev apko >= 0.27.0, < 0.29.5

CWE Classification

CWE-276

References

{
    "lastseen": "",
    "description": "apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.",
    "published": "2025-07-18T15:35:17.325Z",
    "modified": "2025-07-22T15:03:42.966Z",
    "type": "cve",
    "title": "apko has incorrect permission (0666) in /etc/ld.so.cache and other files",
    "source": "GitHub_M",
    "references": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw\nhttps://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9\nhttps://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3\nhttps://github.com/chainguard-dev/apko/releases/tag/v0.27.0\nhttps://github.com/chainguard-dev/apko/releases/tag/v0.29.5",
    "id": "CVE-2025-53945",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "chainguard-dev apko >= 0.27.0, < 0.29.5",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "apko",
    "version": ">= 0.27.0, < 0.29.5",
    "vendor": "chainguard-dev",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

apko has incorrect permission (0666) in /etc/ld.so.cache and other files_CVE-2025-53945