CVE-2025-65100
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-65100, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-19

Last updated on: 2025-11-19

Assigner: GitHub, Inc.

Description

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-19
Last Modified
2025-11-19
Generated
2026-07-06
AI Q&A
2025-11-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
isar isar 0.11-rc1
isar isar 0.11

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in Isar versions 0.11-rc1 and 0.11, where defining the ISAR_APT_SNAPSHOT_DATE alone does not correctly set the timestamp for the security distribution. As a result, security updates may be missed because the system does not recognize the correct update time. This issue has been fixed in a later patch.

Impact Analysis

The vulnerability can lead to missed security updates in the root filesystem generated by Isar, potentially leaving the system exposed to known security issues that would otherwise be patched. This increases the risk of exploitation due to outdated security components.

Mitigation Strategies

To mitigate this vulnerability, update Isar to a version that includes the patch from commit 738bcbb, as this fixes the issue with incorrect timestamp values leading to missed security updates.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65100. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart