Cyber Resilience

CVE-2025-32799

Medium · Public PoC

Published: 16 June 2025

Modified: 02 July 2025
CVSS Score v4: 5.6
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0217 (84.7th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32799 is a medium-severity Path Traversal (CWE-22) vulnerability in Anaconda Conda-Build. Its CVSS base score is 5.6 (Medium).

Operationally, it ranks in the top 15.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Conda-build, a set of commands and tools used to build conda packages, is affected by CVE-2025-32799 prior to version 25.4.0. The vulnerability is a path traversal issue, also known as Tarslip, that stems from insufficient sanitization of paths inside tar archives during extraction. An attacker-supplied tar can contain entries with directory traversal sequences such as “../”, allowing files to be written outside the intended target directory.

An unauthenticated attacker who can supply a malicious tar archive to conda-build processing logic can achieve arbitrary file overwrites. Successful exploitation may result in privilege escalation or arbitrary code execution when sensitive system locations are targeted. The attack requires user interaction to process the crafted archive and carries a CVSS 4.0 score of 5.6 with proof-of-concept exploit code noted.

The official GitHub Security Advisory GHSA-h499-pxgj-qh5h and the corresponding patch commit confirm that the issue is resolved in conda-build 25.4.0. Users are advised to upgrade immediately; the referenced source files, convert.py and render.py, show where path sanitization was strengthened. The EPSS score has remained flat at 0.0217, with no material increase observed after disclosure.
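A pre-extraction check of the kind this weakness calls for, as an added example (it is not conda-build's patch or code from the advisory): each tar entry is resolved against the target directory, and the archive is refused if any entry or link lands outside it. The function names and the in-memory sample archive are constructed for illustration, and POSIX paths are assumed.

```python
import io
import os
import tarfile


def escaping_members(tar, dest):
    """Return (name, reason) for each entry that would land outside dest."""
    root = os.path.realpath(dest)
    findings = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            findings.append((m.name, "path resolves outside target"))
        elif m.issym() or m.islnk():
            # Hard-link targets are relative to the archive root,
            # symlink targets to the directory holding the link.
            base = root if m.islnk() else os.path.dirname(target)
            link = os.path.realpath(os.path.join(base, m.linkname))
            if os.path.commonpath([root, link]) != root:
                findings.append((m.name, "link points outside target"))
    return findings


def safe_extract(tar, dest):
    """Extract only if every entry stays inside dest; otherwise refuse."""
    findings = escaping_members(tar, dest)
    if findings:
        raise ValueError(f"refusing to extract: {findings}")
    # Use the stdlib "data" extraction filter as a second layer where available.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(dest, **kwargs)


def build_sample():
    """Constructed in-memory archive: one benign entry, three escaping ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("pkg/info/index.json", "../outside.txt", "/tmp/abs.txt"):
            info = tarfile.TarInfo(name)
            data = b"constructed sample"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("pkg/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../elsewhere"
        tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Rejecting the whole archive, rather than skipping the offending entries, keeps a partially extracted package from being processed further.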

Vulnerability details

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted. This issue has been patched in version 25.4.0.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: anaconda
Product: conda-build
Version: ≤ 25.4.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References