Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-64343

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-07 Nov, 2025 | 05:20
Updated At-07 Nov, 2025 | 17:24
Rejected At-
Credits

(conda) Constructor: Excessive permissions during and after installation

(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:07 Nov, 2025 | 05:20
Updated At:07 Nov, 2025 | 17:24
Rejected At:
▼CVE Numbering Authority (CNA)
(conda) Constructor: Excessive permissions during and after installation

(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0.

Affected Products
Vendor
conda
Product
constructor
Versions
Affected
  • < 3.13.0
Problem Types
TypeCWE IDDescription
CWECWE-289CWE-289: Authentication Bypass by Alternate Name
Type: CWE
CWE ID: CWE-289
Description: CWE-289: Authentication Bypass by Alternate Name
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/conda/constructor/security/advisories/GHSA-vvpr-2qg4-2mrq
x_refsource_CONFIRM
https://github.com/conda/constructor/commit/c368383710a7c2b81ad1b0ecb9724b38d3577447
x_refsource_MISC
https://github.com/conda/constructor/releases/tag/3.13.0
x_refsource_MISC
Hyperlink: https://github.com/conda/constructor/security/advisories/GHSA-vvpr-2qg4-2mrq
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/conda/constructor/commit/c368383710a7c2b81ad1b0ecb9724b38d3577447
Resource:
x_refsource_MISC
Hyperlink: https://github.com/conda/constructor/releases/tag/3.13.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:07 Nov, 2025 | 06:15
Updated At:12 Nov, 2025 | 16:20

(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-289Primarysecurity-advisories@github.com
CWE ID: CWE-289
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/conda/constructor/commit/c368383710a7c2b81ad1b0ecb9724b38d3577447security-advisories@github.com
N/A
https://github.com/conda/constructor/releases/tag/3.13.0security-advisories@github.com
N/A
https://github.com/conda/constructor/security/advisories/GHSA-vvpr-2qg4-2mrqsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/conda/constructor/commit/c368383710a7c2b81ad1b0ecb9724b38d3577447
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/conda/constructor/releases/tag/3.13.0
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/conda/constructor/security/advisories/GHSA-vvpr-2qg4-2mrq
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2024-46062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 00:00
Updated-05 Jan, 2026 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

Action-Not Available
Vendor-condan/aApple Inc.
Product-macosminiconda3n/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-26526
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.31%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 14:57
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.

Action-Not Available
Vendor-anacondacondan/a
Product-miniconda3anaconda3n/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
Details not found