/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-6788-h35v-g6q7

Published

Last updated

https://images.chainguard.dev/security/CGA-6788-h35v-g6q7
Package

skaffold

RepositoryWolfi
Latest Update
Pending upstream fix
Aliases
  • CVE-2025-54410
  • GHSA-4vq8-7jfc-9cvp

Severity

5.2

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-54410

Updates

Status

Pending upstream fix

Impact

The vulnerability remediation requires upgrading github.com/docker/docker to v28. However, this upgrade introduces breaking API changes (ImageHistory, ImageLoad, types.ImageLoadResponse) that are not yet supported by dependent libraries (go-containerregistry, imgutil, skaffold). As a result, the build fails when attempting to move to v28. Upstream projects need to update their dependency trees and adapt their code to the new Docker client API. Once upstream resolves these incompatibilities, we can safely upgrade to v28 and remediate the vulnerability.

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing