Directory Permission Vulnerability in DPKG by Dpkg.org
CVE-2025-6297

8.2HIGH

Key Information:

Vendor: Debian
Status: Dpkg
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-6297?

DPKG has a vulnerability related to improper handling of directory permissions during the extraction of control members into temporary directories. This flaw allows the execution of dpkg-deb commands on adversarial .deb packages, which may lead to lingering temporary files and conditions that can result in a denial of service. Specifically, if a directory is set with permissions that prevent removal by non-root users, repeated automated executions can exhaust disk quotas, leading to potential full disk scenarios.

Affected Version(s)

dpkg 0

References

https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
Jun 19, 2025

JSON

Debian

What is CVE-2025-6297?

Affected Version(s)

References

CVSS V3.1

Timeline