cvedb.io
CVE-2025-32799
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-06-16T21:15:23.683 · Last modified 2026-06-17T09:12:35.650

Summary

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted. This issue has been patched in version 25.4.0.
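The kind of check whose absence the summary describes, as an added example: this is not conda-build's code or its 25.4.0 patch. The function names (`audit_members`, `safe_extract`, `build_sample`) are hypothetical and the sample archive is constructed in memory for the demonstration.

```python
import io
import os
import tarfile


def _inside(base, target):
    """True if target resolves to base or to a path beneath it."""
    base = os.path.realpath(base)
    return os.path.commonpath([base, os.path.realpath(target)]) == base


def audit_members(tar, dest):
    """Split archive members into (safe, rejected) for extraction into dest."""
    safe, rejected = [], []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)  # an absolute m.name replaces dest
        ok = _inside(dest, target)
        if ok and (m.issym() or m.islnk()):
            # Symlink targets are relative to the link's directory, hard links to the root.
            link_base = os.path.dirname(target) if m.issym() else dest
            ok = _inside(dest, os.path.join(link_base, m.linkname))
        if not (m.isfile() or m.isdir() or m.issym() or m.islnk()):
            ok = False  # refuse devices, FIFOs and other special entries
        (safe if ok else rejected).append(m)
    return safe, rejected


def safe_extract(fileobj, dest):
    """Extract only vetted members; return the names that were refused."""
    # Where the interpreter has extraction filters, also apply the stdlib "data" filter.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=fileobj) as tar:
        safe, rejected = audit_members(tar, dest)
        tar.extractall(dest, members=safe, **extra)
    return [m.name for m in rejected]


def build_sample():
    """Constructed archive: one normal entry and three that leave the target directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("pkg/info.txt", "../escape.txt", "/tmp/abs.txt"):
            ti = tarfile.TarInfo(name)
            ti.size = 4
            tar.addfile(ti, io.BytesIO(b"data"))
        link = tarfile.TarInfo("pkg/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    return io.BytesIO(buf.getvalue())
```

The audit resolves paths against the filesystem as it is before extraction, so it does not by itself catch an entry that is routed through a symlink created earlier in the same archive; the `data` filter covers that case on interpreters that provide it.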

Affected products

anaconda — conda-build

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.