CVE-2026-25707 - Vulnerability Details - OpenCVE

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1259802
https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b

History

Mon, 29 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 29 Jun 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
Title		Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp
Weaknesses		CWE-23
References		https://bugzilla.suse.com/show_bug.cgi?id=1259802 https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2026-06-29T10:04:59.223Z

Updated: 2026-06-29T11:44:36.827Z

Reserved: 2026-02-05T15:37:24.184Z

Link: CVE-2026-25707

Vulnrichment

Updated: 2026-06-29T11:44:17.763Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T11:30:05Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25707", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2026-02-05T15:37:24.184Z", "datePublished": "2026-06-29T10:04:59.223Z", "dateUpdated": "2026-06-29T11:44:36.827Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-29T10:04:59.223Z"}, "title": "Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp", "datePublic": "2026-05-28T09:56:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-23", "description": "CWE-23 Relative path traversal", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "affected": [{"vendor": "SUSE", "product": "libzypp", "packageName": "libzypp", "repo": "https://github.com/openSUSE/libzypp", "versions": [{"status": "affected", "version": "0", "lessThan": "17.38.10", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1259802", "tags": ["issue-tracking"]}, {"url": "https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Michael Andres of SUSE", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-29T11:39:14.732975Z", "id": "CVE-2026-25707", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T11:44:36.827Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-29T11:39:14.732975Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T11:44:17.763Z"}}], "cna": {"title": "Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Michael Andres of SUSE"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/openSUSE/libzypp", "vendor": "SUSE", "product": "libzypp", "versions": [{"status": "affected", "version": "0", "lessThan": "17.38.10", "versionType": "rpm"}], "packageName": "libzypp", "defaultStatus": "unaffected"}], "datePublic": "2026-05-28T09:56:00.000Z", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1259802", "tags": ["issue-tracking"]}, {"url": "https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.", "supportingMedia": [{"type": "text/html", "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23 Relative path traversal"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-29T10:04:59.223Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25707", "state": "PUBLISHED", "dateUpdated": "2026-06-29T11:44:36.827Z", "dateReserved": "2026-02-05T15:37:24.184Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2026-06-29T10:04:59.223Z", "assignerShortName": "suse"}, "dataVersion": "5.2"}