PT-2025-30050 · Apko · Apko

Codyharris-H2O-Ai · Published 2025-07-18 · Updated 2025-08-04 · CVE-2025-53945

CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: apko versions 0.27.0 through 0.29.4

Description: apko is a tool that allows users to build and publish OCI container images built from apk packages. In versions prior to 0.29.5, critical files were inadvertently set to 0666, which could potentially be exploited for root escalation.

Recommendations: Update to version 0.29.5 or later.

Exploit · Fix · LPE · Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2025-53945
GHSA-X6PH-R535-3VJW
GO-2025-3816
OPENSUSE-SU-2025:15405-1

Affected Products

Apko