CVE-2025-5981

Published June 18th, 2025

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

google/osv-scalibr

OSV-SCALIBR: A library for Software Composition Analysis

GitHub

606