Severity: 8.2 HIGH
EPSS: 0.1% (top 76.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2025-07-01; Latest update 2025-09-24

Description

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 3.9 | Impact: 4.2

Caveat for triage: the vector recorded here rates confidentiality High and availability None, while the description concerns temporary files left on disk by repeated extraction of adversarial packages, which is a resource-exhaustion problem for the host running dpkg-deb. Score the issue against how your own pipelines invoke dpkg-deb on untrusted .deb files rather than on the headline 8.2 alone.

Affected Packages (3 entries)

CVEList V5: debian/dpkg, versions before upstream commit ed6bbd445dd8800308c67236ba35d08004c98e82
NVD: debian/dpkg < 1.22.21
Debian: dpkg < 1.22.21+1

To check a host, compare the installed dpkg version against 1.22.21 (Debian package 1.22.21+1); anything older is in the affected range.

Patches

Vulnerability Details (3 references)

CVEList (2025-07-01): dpkg-deb: Fix cleanup for control member with restricted directories
GHSA (2025-07-01): GHSA-w56q-6jw5-h5xf: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
OSV (2025-07-01): CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is

Vendor Advisories (2)

Ubuntu (2025-09-24): dpkg vulnerability
Debian (2025): CVE-2025-6297: dpkg - It was discovered that dpkg-deb does not properly sanitize directory permissions...
CVE-2025-6297 (HIGH CVSS 8.2) | It was discovered that dpkg-deb doe | cvebase.io