CVE-2025-32800 – “Conda-build Conduit for Malicious Package Injection”

June 16, 2025

CVE ID : CVE-2025-32800

Published : June 16, 2025, 9:15 p.m. | 31 minutes ago

Description : Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (malicious) code to the package, and then exploit pip install commands by injecting the malicious dependency in the solve. This issue has been fixed in version 25.3.0. A workaround involves using –no-deps for pip install-ing the project from the repository.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49134 – Weblate IP Address Disclosure Vulnerability

Next Article Response to CISA Advisory (AA25-163A): Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-32800 – “Conda-build Conduit for Malicious Package Injection”

The “Infinite Workday” is Here: Microsoft Warns of Never-Ending Work Driven by Hybrid Models & AI

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

CVE-2024-6030 – Tesla Model S oFono Privilege Escalation Vulnerability

I work from home – this lapdesk turned my couch into my office (and I can’t go back)

CVE-2025-32980 – NETSCOUT nGeniusONE Privilege Escalation Weakness

CVE-2025-47737 – Trailer lib.rs Zero-Sized Allocation Mishandle

CVE-2025-49848 – Apache PRJ File Out-of-bounds Write Vulnerability

CVE-2025-49142 – Nautobot Jinja2 Templating Feature Privilege Escalation Vulnerability

CVE-2025-4726 – iSourcecode Placement Management System SQL Injection Vulnerability

CVE-2025-47868 – Apache NuttX Heap-based Buffer Overflow

CVE-2025-32800 – “Conda-build Conduit for Malicious Package Injection”

Related Posts