I. Basic information on vulnerability CVE-2025-32799
Vulnerability title
Conda-build Vulnerable to Path Traversal via Malicious Tar File
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted. This issue has been patched in version 25.4.0.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
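Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Improper limitation of a pathname (path traversal)
Source: U.S. National Vulnerability Database (NVD)
II. Public POCs for vulnerability CVE-2025-32799
# POC description Source link Shenlong link
III. Intelligence on vulnerability CVE-2025-32799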
  • Title: Path Traversal via Malicious Tar File · Advisory · conda/conda-build · GitHub -- 🔗 Source link

    Tag: x_refsource_CONFIRM

  • Title: Merge commit from fork · conda/conda-build@bdf5e00 · GitHub -- 🔗 Source link

    Tag: x_refsource_MISC

  • Title: conda-build/conda_build/render.py at 834448b995eee02cf1c2e7ca97bcfa9affc77ee5 · conda/conda-build · GitHub -- 🔗 Source link

    Tag: x_refsource_MISC

  • Title: conda-build/conda_build/convert.py at 834448b995eee02cf1c2e7ca97bcfa9affc77ee5 · conda/conda-build · GitHub -- 🔗 Source link

    Tag: x_refsource_MISC

  • https://nvd.nist.gov/vuln/detail/CVE-2025-32799