CVE-2025-32799 – Conda-build Tar Slip Vulnerability

June 16, 2025

CVE ID : CVE-2025-32799

Published : June 16, 2025, 9:15 p.m. | 31 minutes ago

Description : Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted. This issue has been patched in version 25.4.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49134 – Weblate IP Address Disclosure Vulnerability

Next Article Response to CISA Advisory (AA25-163A): Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

Highlights

CVE-2025-2817 – Mozilla Firefox System File Privilege Escalation

April 29, 2025

CVE ID : CVE-2025-2817

Published : April 29, 2025, 2:15 p.m. | 1 hour, 31 minutes ago

Description : Mozilla Firefox’s update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox
Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Managing the growing risk profile of agentic AI and MCP in the enterprise

How To Prevent WordPress SQL Injection Attacks

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

Windows Hello face unlock no longer works in the dark, and Microsoft says it’s not a bug

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.17.2025)

Stream-Omni: Simultaneous Multimodal Interactions with Large Language-Vision-Speech Model

How Inclusive Design Leading and Creating Solutions for Universal Design

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

CVE-2025-32799 – Conda-build Tar Slip Vulnerability

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

NVIDIA’s leaked APU could change gaming laptop design forever. Here’s why.

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

Ethics in AI Implementation: Balancing Innovation and Responsibility

Your Xbox can now store everything — if you sell a kidney first

CVE-2025-2817 – Mozilla Firefox System File Privilege Escalation

CVE-2025-44083 – D-Link DI-8100 Remote Authentication Bypass Vulnerability

Apple Home finally gets robot vacuum support, thanks to Matter and iOS 18.4

CVE-2025-3793 – Buddypress WordPress Force Password Change Plugin Authentication Bypass

CVE-2025-32799 – Conda-build Tar Slip Vulnerability

Related Posts