CVE-2025-32799

Name of the Vulnerable Software and Affected Versions Conda-build versions prior to 25.4.0

Description The issue is related to path traversal attacks due to improper sanitization of tar entry paths in the conda-build processing logic. This could allow attackers to craft tar archives that write files outside the intended extraction directory, potentially leading to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted.

Recommendations For versions prior to 25.4.0, update to version 25.4.0 to resolve the issue. As a temporary workaround, consider restricting the use of conda-build to minimize the risk of exploitation. Avoid using conda-build to extract tar archives from untrusted sources until the issue is resolved.