CVE-2025-53945

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-53945

Severity

7.0

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

apko has incorrect permission (0666) in /etc/ld.so.cache and other files

Description

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-53945
https://github.com/advisories/GHSA-x6ph-r535-3vjw
https://pkg.go.dev/vuln/GO-2025-3816
https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53945.json
https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9
https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3
https://github.com/chainguard-dev/apko/releases/tag/v0.27.0
https://github.com/chainguard-dev/apko/releases/tag/v0.29.5
https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-53945

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company