CVE-2025-70341

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-70341
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70341.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-70341
Published
2026-03-04T15:16:12.467Z
Modified
2026-04-10T05:37:01.290849Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.

References

Affected packages

Git / github.com/app-auto-patch/app-auto-patch

Affected ranges

Type
GIT
Repo
https://github.com/app-auto-patch/app-auto-patch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c1a5c8d5b9afb9cd4f315cf3cd62e8077c44b192
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.2"
        }
    ]
}

Affected versions

2.*
2.0.0
2.0.0rc1
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.8.1
2.9.0
2.9.2
2.9.3
2.9.4
2.9.5
2.9.7
3.*
3.0.0
3.0.0-beta4
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.0-beta2
3.1.1
3.1.2
Version_3.*
Version_3.2.0
Version_3.2.1
Version_3.2.2
Version_3.3.0
Version_3.4.0
Version_3.4.1
Version_3.4.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70341.json"