Automated Integration System Vulnerability in ISAR by ilbers
CVE-2025-65100

6.9MEDIUM

Key Information:

Vendor

Ilbers

Status
Isar
Vendor
CVE Published:
19 November 2025

What is CVE-2025-65100?

The ISAR integration system for generating automated root filesystems, specifically versions 0.11-rc1 and 0.11, contains a flaw where defining the ISAR_APT_SNAPSHOT_DATE alone does not correctly establish the necessary timestamp for security distributions. This oversight can lead to significant security vulnerabilities due to missed updates, compromising the integrity of the system. Fortunately, this issue has been addressed and rectified through a code commit.

Affected Version(s)

isar < 738bcbb716c7eb7b34cbb2293cae4f264b3925fe

References

https://github.com/ilbers/isar/security/advisories/GHSA-3...
x_refsource_CONFIRM
https://github.com/ilbers/isar/commit/3383fd808a4ced93e41...
x_refsource_MISC
https://github.com/ilbers/isar/commit/738bcbb716c7eb7b34c...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-65100 : Automated Integration System Vulnerability in ISAR by ilbers