CVE-2025-53945 HIGH

CVE-2025-53945: apko has incorrect permission (0666) in /etc/ld.so.cache and other files

Vendor Chainguard-Dev
Product apko
Weakness CWE-276
Published July 18, 2025
Last update July 22, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01 Description

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.
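A check for the condition described above, as an added example that is not apko's own code: it walks an image layer tarball and reports entries writable by "other", such as a 0666 /etc/ld.so.cache. The function names and the in-memory sample layer are constructed for illustration; in practice the input is assumed to be a layer tarball exported from the image under review.

```python
import io
import stat
import tarfile

def world_writable_entries(layer_fileobj):
    """Return (path, octal mode) for files and dirs writable by 'other'."""
    findings = []
    # "r:*" lets tarfile auto-detect plain or compressed layer tarballs.
    with tarfile.open(fileobj=layer_fileobj, mode="r:*") as tar:
        for member in tar:
            mode = stat.S_IMODE(member.mode)
            if not mode & stat.S_IWOTH:
                continue
            if member.issym() or member.islnk():
                continue  # link entries: permissions come from the target
            if member.isdir() and mode & stat.S_ISVTX:
                continue  # sticky world-writable dirs (e.g. /tmp, 1777) are expected
            findings.append((member.name, oct(mode)))
    return findings

def build_sample_layer():
    """Constructed sample layer: one 0666 file among normal entries."""
    entries = [
        ("etc/ld.so.cache", 0o666, tarfile.REGTYPE),  # the condition in the advisory
        ("etc/passwd", 0o644, tarfile.REGTYPE),
        ("tmp", 0o1777, tarfile.DIRTYPE),
        ("bin/sh", 0o777, tarfile.SYMTYPE),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, kind in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.type = mode, kind
            if kind == tarfile.SYMTYPE:
                info.linkname = "busybox"
            data = b"x" if kind == tarfile.REGTYPE else b""
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for path, mode in world_writable_entries(build_sample_layer()):
        print(f"world-writable: {path} ({mode})")
```

A finding on an image built with apko from 0.27.0 up to, but not including, 0.29.5 matches the condition this advisory describes.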

Key dates

02 Disclosure timeline

July 18, 2025 CVE published
July 22, 2025 Record updated