Vulnerability Database

309,130

Total vulnerabilities in the database

CVE-2025-53945

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.

Published: Jul 18, 2025
Updated: Nov 23, 2025
CVE: CVE-2025-53945
GHSA: GHSA-x6ph-r535-3vjw
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
chainguard.dev/apko	0.27.0	0.29.5

https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9
https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3
https://github.com/chainguard-dev/apko/releases/tag/v0.27.0
https://github.com/chainguard-dev/apko/releases/tag/v0.29.5
https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo