PT-2025-48742 · Rhel+4

Published: 2025-11-05 · Updated: 2026-02-11 · CVE-2025-65105

CVSS v4.0: 7.3 (High)

Vector: AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: Apptainer versions prior to 1.4.5

Description: Apptainer is a container platform. Versions of Apptainer prior to 1.4.5 allow a container to disable certain forms of the --security option, specifically --security=apparmor:<profile> and --security=selinux:<label>. These options normally restrict container operations. The --security option is documented as a feature for the root user, but it also functions for unprivileged users when the corresponding feature is enabled on the system. AppArmor is enabled by default on Debian-based distributions, and SELinux is enabled by default on RHEL-based distributions.

Recommendations: Update to Apptainer version 1.4.5 or later.
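
One way to check a host against the "prior to 1.4.5" boundary above, as an added example that is not part of the advisory or of the Apptainer project. The function names are hypothetical, the sample version strings are constructed, and the `apptainer version X.Y.Z` output format of `apptainer --version` is assumed.

```shell
#!/bin/sh
# Fixed upstream release named in the advisory.
FIXED_VERSION="1.4.5"

# Pull the X.Y.Z core out of a string such as "apptainer version 1.4.4-1.el9".
apptainer_core_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Returns 0 if the version is at or above FIXED_VERSION, 1 if it is older
# (or a release candidate of the fixed version), 2 if no version was found.
apptainer_is_fixed() {
    raw=$1
    core=$(apptainer_core_version "$raw")
    [ -n "$core" ] || return 2
    old_ifs=$IFS
    IFS=.
    set -- $core $FIXED_VERSION   # $1.$2.$3 = found, $4.$5.$6 = fixed
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -gt "$6" ] && return 0
    [ "$3" -lt "$6" ] && return 1
    # Same X.Y.Z: treat "-rc" builds of the fixed version as pre-release.
    case $raw in *"${core}-rc"*) return 1 ;; esac
    return 0
}

report() {
    if apptainer_is_fixed "$1"; then
        printf '%-36s at or above %s\n' "$1" "$FIXED_VERSION"
    else
        printf '%-36s needs review (older or unparseable)\n' "$1"
    fi
}

# Constructed sample strings, followed by the local install if one is on PATH.
report "apptainer version 1.4.4-1.el9"
report "apptainer version 1.4.5"
report "apptainer version 1.4.5-rc.1"
if command -v apptainer >/dev/null 2>&1; then
    report "$(apptainer --version 2>/dev/null)"
fi
```

The comparison uses the upstream version number only; a distribution package may carry the fix under a different version string, so confirm a "needs review" result against the vendor advisory for that package.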

Related Identifiers

CVE-2025-65105
GHSA-CGRX-MC8F-2PRM
GHSA-J3RW-FX6G-Q46J
GHSA-WWRX-W7C9-RF87
GO-2025-4176
OPENSUSE-SU-2026:10013-1
OPENSUSE-SU-2026:20730-1
SUSE-SU-2025:4395-1
SUSE-SU-2026:0439-1

Affected Products

Apparmor
Apptainer
Debian
Rhel
Selinux