OSV-SCALIBR: arbitrary file write via path traversal in unpack()
CVE-2025-5981 Published on June 18, 2025
Arbitrary File write in OSV-SCALIBR
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2025-5981 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2025-5981
Want to know whenever a new CVE is published for Google Osv Scalibr? stack.watch will email you.
Affected Versions
Google osv-scalibr:- Version 0.1.3 and below 0.1.8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.