216.73.216.170

CVE-2025-49842

· Published 17/06/2025 14:15 · Modified 17/06/2025 14:15

Labels: CVE-2025-49842 2025-06-17CVE-2025-49842CWE-276[email protected]

Essential information

Published
17/06/2025 14:15
Modified
17/06/2025 14:15
Author
Creator
CVSS
1.0 LOW (v3) 1.0 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
conda / conda-forge-webservices cpe:2.3:a:conda:conda-forge-webservices:*:*:*:*:*:*:*:*

References