CVE-2025-64750

Name of the Vulnerable Software and Affected Versions SingularityCE versions prior to 4.3.5 SingularityPRO versions prior to 4.1.11 and 4.3.5

Description SingularityCE and SingularityPRO are open source container platforms. If a user depends on LSM restrictions to prevent harmful actions, an attacker can redirect the LSM label write operation, making it ineffective under specific conditions. The attacker needs to make a user run a malicious container image that redirects the mount of /proc to the destination of a shared mount, which could be pre-configured on the target system or specified by the user when running the container. The attacker must also control the content of the shared mount, potentially through another malicious container or by having relevant permissions on the host system where it is bound.

Recommendations Update SingularityCE to version 4.3.5 or later. Update SingularityPRO to version 4.1.11 or 4.3.5 or later.