PT-2025-25585 · Unknown · Conda-Build

Stamparm · Published 2025-06-16 · Updated 2025-06-17 · CVE-2025-32798

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

conda-build versions prior to 25.4.0

Description

The conda-build recipe processing logic is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. This is because conda-build uses the eval function to process embedded selectors in meta.yaml files without proper sanitization, allowing arbitrary code to be executed during the build process. This compromises the integrity of the build environment and may allow unauthorized commands or file operations to be performed. The issue stems from the risk of using eval() on untrusted input in a context intended to control dynamic build configurations.

Recommendations

For versions prior to 25.4.0, update to version 25.4.0 to resolve the issue. As a temporary workaround, consider disabling the use of eval() for recipe processing or restricting the execution of user-defined expressions in meta.yaml files until a patch is applied. Avoid using the eval function for untrusted input in the build process.
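One way to follow the last recommendation, shown as an added example that is not conda-build's code or its 25.4.0 fix: the selector text is parsed with `ast`, checked against an allowlist of node types and interpreted directly, so `eval()` is never called. The names `eval_selector` and `SelectorError` and the caller-supplied namespace are assumptions made for this illustration.

```python
import ast
import operator

# Node types a selector may contain. Calls, attribute access, subscripts,
# lambdas and comprehensions are not listed, so any of them is rejected.
_ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
            ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
            ast.Name, ast.Load, ast.Constant)
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}

class SelectorError(ValueError):
    """Selector uses syntax, names or literals outside the allowlist."""

def _walk(node, ns):
    # Interprets a node that has already passed validation.
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return ns[node.id]
    if isinstance(node, ast.UnaryOp):          # only `not` passes validation
        return not _walk(node.operand, ns)
    if isinstance(node, ast.BoolOp):
        values = (_walk(v, ns) for v in node.values)
        return all(values) if isinstance(node.op, ast.And) else any(values)
    left = _walk(node.left, ns)                # ast.Compare, possibly chained
    for op, comparator in zip(node.ops, node.comparators):
        right = _walk(comparator, ns)
        if not _CMP[type(op)](left, right):
            return False
        left = right
    return True

def eval_selector(expr, ns):
    """Return the truth value of selector `expr` over the fixed namespace `ns`."""
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as exc:
        raise SelectorError(f"invalid selector {expr!r}") from exc
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise SelectorError(f"{type(node).__name__} not allowed in {expr!r}")
        if isinstance(node, ast.Name) and node.id not in ns:
            raise SelectorError(f"unknown name {node.id!r} in {expr!r}")
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, str)):
            raise SelectorError(f"unsupported literal in {expr!r}")
    try:
        return bool(_walk(tree.body, ns))
    except TypeError as exc:                   # e.g. comparing int with str
        raise SelectorError(f"type mismatch in {expr!r}") from exc
```

Because names are resolved only from the dictionary the caller passes in, builtins are unreachable even if the allowlist were later widened by mistake.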

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-32798
GHSA-6CC8-C3C9-3RGR

Affected Products

Conda-Build