CVE-2025-32797

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-32797
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32797.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-32797
Aliases
  • GHSA-vfp6-3v8g-vcmm
Published
2025-06-16T18:46:31.227Z
Modified
2026-04-10T05:26:00.368004Z
Severity
  • 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Details

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting condabuild.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window.

Database specific 
{
    "cwe_ids": [
        "CWE-277"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32797.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/conda/conda-build

Affected ranges

Type
GIT
Repo
https://github.com/conda/conda-build
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d49d2f23e1b7ae1bfc330dba3fa3603603463c15

Affected versions

1.*
1.10.0
1.11.0
1.13.0
1.14.0
1.14.1
1.16.0
1.17.0
1.18.0
1.18.1
1.18.2
1.19.0
1.19.1
1.19.2
1.2.1
1.20.0
1.20.1
1.20.2
1.20.2beta
1.20.3
1.20.3beta
1.7.1
1.8.0
1.8.2
1.9.0
2.*
2.0.0
2.0.0beta
2.0.0beta2
2.0.0beta3
2.0.0beta4
2.0.1
2.0.10
2.0.11
2.0.12
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.0beta1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
25.*
25.3.0
3.*
3.0.0
3.0.0alpha1
3.0.0alpha2
3.0.0alpha3
3.0.0beta0
3.0.0beta1
3.0.0rc0
3.0.0rc1
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.2
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.29
3.0.3
3.0.30
3.0.31
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7
3.10.8
3.10.9
3.11.0
3.12.0
3.12.1
3.13.0
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.16.0
3.16.1
3.16.2
3.16.3
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5
3.17.6
3.17.7
3.17.8
3.18.0
3.18.1
3.18.10
3.18.12
3.18.2
3.18.3
3.18.4
3.18.5
3.18.6
3.18.7
3.18.8
3.18.9
3.19.0
3.19.1
3.19.2
3.19.3
3.2.0
3.2.1
3.2.2
3.20.0
3.20.1
3.20.3
3.20.5
3.21.0
3.21.1
3.21.3
3.21.4
3.21.5
3.21.6
3.21.7
3.21.8
3.21.9
3.22.0
3.23.0
3.23.1
3.23.2
3.23.3
3.24.0
3.3.0
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.7.2
3.8.0
3.8.1
3.9.0
3.9.1
3.9.2
v3.*
v3.20.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32797.json"