8.8

CVE-2026-25707

Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLibzypp Version < 17.38.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.443
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
meissner@suse.de 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://bugzilla.suse.com/show_bug.cgi?id=1259802
Issue Tracking
https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b
Patch