CVE-2025-32797

MEDIUM EPSS 3.7%
Published Jun 16, 20251y ago · Modified Jun 17, 20262w ago
6.0 CVSS 4.0
Medium
Find Similar
Published Jun 16, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window.

CVSS Details

Base Score
6.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
3.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-277

Affected Products 1

VendorProductVersionRange
anacondaconda-build* <25.3.1

References 4

  • github.com https://github.com/conda/conda-build/blob/3f06913bba22c4e1ef1065df9e00d86ac97f087c/conda_build/build.py#L3054-L3084
    Product
  • github.com https://github.com/conda/conda-build/commit/d246e49c8f45e8033915156ee3d77769926f3c2e
    Patch
  • github.com https://github.com/conda/conda-build/pull/5
    Issue Tracking
  • github.com https://github.com/conda/conda-build/security/advisories/GHSA-vfp6-3v8g-vcmm
    Vendor Advisory

Remediation

  • github.com https://github.com/conda/conda-build/commit/d246e49c8f45e8033915156ee3d77769926f3c2e
    Patch