CVE-2025-65100
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| isar | isar | 0.11-rc1 |
| isar | isar | 0.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Isar versions 0.11-rc1 and 0.11, where defining ISAR_APT_SNAPSHOT_DATE alone does not correctly set the timestamp for the security distribution. As a result, security updates may be missed because the system does not recognize the correct update time. This issue has been fixed in a later patch.
How can this vulnerability impact me?
The vulnerability can lead to missed security updates in the root filesystem generated by Isar, potentially leaving the system exposed to known security issues that would otherwise be patched. This increases the risk of exploitation due to outdated security components.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Isar to a version that includes the patch from commit 738bcbb, as this fixes the issue with incorrect timestamp values leading to missed security updates.