CVE-2025-65100

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb.

CVSS

No CVSS.

References

Link	Resource
https://github.com/ilbers/isar/commit/3383fd808a4ced93e41e012660dfe364a3384434
https://github.com/ilbers/isar/commit/738bcbb716c7eb7b34cbb2293cae4f264b3925fe
https://github.com/ilbers/isar/security/advisories/GHSA-3r9w-6cp6-7hm4

Configurations

No configuration.

History

19 Nov 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-19 19:15

Updated : 2025-11-21 15:13

NVD link : CVE-2025-65100

Mitre link : CVE-2025-65100

CVE.ORG link : CVE-2025-65100

JSON object : View

Products Affected

No product.

CWE

CWE-693

Protection Mechanism Failure

{"id": "CVE-2025-65100", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-19T19:15:50.837", "references": [{"url": "https://github.com/ilbers/isar/commit/3383fd808a4ced93e41e012660dfe364a3384434", "source": "[email protected]"}, {"url": "https://github.com/ilbers/isar/commit/738bcbb716c7eb7b34cbb2293cae4f264b3925fe", "source": "[email protected]"}, {"url": "https://github.com/ilbers/isar/security/advisories/GHSA-3r9w-6cp6-7hm4", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb."}], "lastModified": "2025-11-21T15:13:59.083", "sourceIdentifier": "[email protected]"}

CVE-2025-65100

JSON object

Attach tags to CVE-2025-65100

Attach tags to `CVE-2025-65100`