Description

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.

INFO

Published Date :

2025-07-18T15:35:17.325Z

Last Modified :

2025-07-22T15:03:42.966Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53945 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53945.

URL Resource
https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9 cve-icon cve-icon
https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3 cve-icon cve-icon
https://github.com/chainguard-dev/apko/releases/tag/v0.27.0 cve-icon cve-icon
https://github.com/chainguard-dev/apko/releases/tag/v0.29.5 cve-icon cve-icon
https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact