CVE-2025-64185
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-11-20
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openondemand | openondemand | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-277 | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Open OnDemand concerns world-writable directories being placed on the GEM_PATH environment variable by versions prior to 4.0.8 and 3.1.16. Because Ruby loads gems from the directories listed in GEM_PATH, any user who can write to one of those locations can influence what code is loaded. The issue has been fixed in versions 4.0.8 and 3.1.16.
How can this vulnerability impact me?
Because the vulnerability leaves world-writable locations on GEM_PATH, it could enable unauthorized users to modify or inject malicious code or files, potentially leading to privilege escalation, data compromise, or system instability in environments running vulnerable versions of Open OnDemand.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Open OnDemand to version 4.0.8 or later, or 3.1.16 or later, as these versions have been patched to remove the world-writable locations from GEM_PATH.
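A shell check, added here and not taken from the BaseFortify record or the Open OnDemand project, that audits every directory on a GEM_PATH-style colon-separated list and reports the world-writable ones, so an administrator can confirm the condition is absent after upgrading. The function name, the output format and the sample paths are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the BaseFortify record or Open OnDemand): audit a
# colon-separated GEM_PATH-style list and report directories that are
# world-writable, which is the condition CVE-2025-64185 describes.

# audit_gem_path LIST
#   Prints "WORLD-WRITABLE: <dir>" for each existing directory in LIST whose
#   "other" write bit is set. Returns 1 if any such directory was found,
#   0 otherwise. Entries that do not exist or are not directories are skipped.
audit_gem_path() {
    _found=0
    _old_ifs=$IFS
    IFS=:
    # Split the list on ':' into positional parameters; disable globbing so
    # a stray '*' in the list is not expanded. Then restore IFS and globbing.
    set -f
    set -- $1
    set +f
    IFS=$_old_ifs
    for _dir in "$@"; do
        [ -n "$_dir" ] && [ -d "$_dir" ] || continue
        # Column 9 of 'ls -ld' output is the other-write bit (e.g. drwxrwxrwx).
        _other_w=$(ls -ld "$_dir" | cut -c9)
        if [ "$_other_w" = "w" ]; then
            printf 'WORLD-WRITABLE: %s\n' "$_dir"
            _found=1
        fi
    done
    return $_found
}

# Stand-alone use: audit the GEM_PATH of the current environment, if any.
if [ -n "${GEM_PATH:-}" ]; then
    audit_gem_path "$GEM_PATH" || echo "Review the directories listed above."
fi
```

Run it in the environment that launches Open OnDemand's Ruby processes (for example from a shell with the same GEM_PATH), since the variable's value may differ between interactive logins and the service.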