CVE-2025-53945: apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files
It was discovered that /etc/ld.so.cache in images generated by apko had file system permission mode 0666, which makes it writable by every user in the image. Searching an affected image for world-writable regular files shows it:

    bash-5.3# find / -type f -perm -o+w
    /etc/ld.so.cache
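The check above can be turned into an audit step that reports the octal mode of each hit and fails when anything is found, which is what you would want in an image-build pipeline. The script below is an added example and is not part of the advisory or of the apko project; the function name audit_world_writable and the sample directory tree are assumptions, and stat -c assumes GNU or BusyBox coreutils (the stat in the image the advisory shows).

```shell
#!/bin/sh
# Added example (not from the advisory or apko): audit a filesystem root for
# world-writable regular files, the condition the advisory shows with find(1),
# and print each hit with its octal mode so the result is usable in CI.

# audit_world_writable ROOT
#   Prints "<octal mode> <path>" for every regular file under ROOT whose
#   other-write bit is set. Returns 1 if any were found, 0 otherwise.
#   -xdev keeps find on the one filesystem so /proc, /sys and mounted
#   volumes are not scanned; stat -c assumes GNU or BusyBox coreutils.
audit_world_writable() {
    aww_root="${1:-/}"
    aww_hits=$(find "$aww_root" -xdev -type f -perm -o+w \
                   -exec stat -c '%a %n' {} + 2>/dev/null)
    if [ -n "$aww_hits" ]; then
        printf '%s\n' "$aww_hits"
        return 1
    fi
    return 0
}

# Constructed sample tree (not taken from an apko image): one file with the
# 0666 mode the advisory describes and one with a normal 0755 mode.
DEMO_ROOT=$(mktemp -d)
mkdir -p "$DEMO_ROOT/etc" "$DEMO_ROOT/usr/bin"
: > "$DEMO_ROOT/etc/ld.so.cache"; chmod 0666 "$DEMO_ROOT/etc/ld.so.cache"
: > "$DEMO_ROOT/usr/bin/app";     chmod 0755 "$DEMO_ROOT/usr/bin/app"

# Prints "666 <DEMO_ROOT>/etc/ld.so.cache" and then the failure message,
# since the audit returns 1 when a world-writable file is present.
audit_world_writable "$DEMO_ROOT" || echo "audit failed: world-writable files present"
```

Run the function with no argument inside the container to scan from `/`; a non-zero exit status fails the build step, and the printed mode makes it easy to distinguish a 0666 file from one that is merely group-writable.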
References
- github.com/advisories/GHSA-x6ph-r535-3vjw
- github.com/chainguard-dev/apko
- github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9
- github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3
- github.com/chainguard-dev/apko/releases/tag/v0.29.5
- github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw
- nvd.nist.gov/vuln/detail/CVE-2025-53945