PT-2025-47607 · Unknown · Open Ondemand
Published: 2025-11-20 · Updated: 2025-11-21 · CVE-2025-64185
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Open OnDemand versions prior to 4.0.8
Open OnDemand versions prior to 3.1.16
Description
Open OnDemand packages create world-writable locations in the GEM_PATH prior to versions 4.0.8 and 3.1.16. This could allow unauthorized modification of files in the GEM_PATH.
Recommendations
Update to Open OnDemand version 4.0.8 or later.
Update to Open OnDemand version 3.1.16 or later.
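To confirm whether a host still has the condition described above, before or after updating, the following added example (not code from the Open OnDemand project) lists world-writable directories and files under each entry of a GEM_PATH-style list. The function names and the sample tree built by `demo` are constructed for illustration; the advisory does not name the affected paths, so pass in your own GEM_PATH value.

```shell
#!/bin/sh
# Added example: audit a GEM_PATH-style, colon-separated directory list
# for world-writable directories and files.

find_world_writable() {
    # $1: colon-separated directory list (same format as GEM_PATH)
    _old_ifs=$IFS
    IFS=:
    set -f                               # no glob expansion while splitting
    for _entry in $1; do
        [ -d "$_entry" ] || continue     # skip empty or missing entries
        # -perm -0002 matches when the "other" write bit is set;
        # symlinks are neither followed nor reported
        find "$_entry" \( -type d -o -type f \) -perm -0002 -print
    done
    set +f
    IFS=$_old_ifs
}

audit_gem_path() {
    # Returns 0 when nothing is world-writable, 1 otherwise (findings on stdout)
    _hits=$(find_world_writable "$1")
    if [ -z "$_hits" ]; then
        return 0
    fi
    printf '%s\n' "$_hits"
    return 1
}

demo() {
    # Constructed sample tree: one correctly permissioned gem dir, one world-writable
    _tmp=$(mktemp -d) || return 2
    mkdir -p "$_tmp/good/gems" "$_tmp/bad/gems"
    chmod 755 "$_tmp/good" "$_tmp/good/gems" "$_tmp/bad"
    chmod 777 "$_tmp/bad/gems"
    audit_gem_path "$_tmp/good:$_tmp/bad"
    _rc=$?
    rm -rf "$_tmp"
    return "$_rc"
}

# On a real host (assumes the `gem` CLI is on PATH):
#   audit_gem_path "$(gem env gempath)"
```

A non-zero return from `audit_gem_path` means at least one location is writable by any local user and should be reviewed after the update.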
Files Accessible to External Parties
Related Identifiers
Affected Products
Open Ondemand