{"id":"GO-2025-3816","summary":"apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko","details":"apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files in chainguard.dev/apko","aliases":["CVE-2025-53945","GHSA-x6ph-r535-3vjw"],"modified":"2026-02-04T04:41:04.119918Z","published":"2025-07-29T18:49:33Z","related":["CGA-3g3j-8396-2m48"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3816"},"references":[{"type":"ADVISORY","url":"https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53945"},{"type":"WEB","url":"https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9"},{"type":"WEB","url":"https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3"},{"type":"WEB","url":"https://github.com/chainguard-dev/apko/releases/tag/v0.29.5"}],"affected":[{"package":{"name":"chainguard.dev/apko","ecosystem":"Go","purl":"pkg:golang/chainguard.dev/apko"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.27.0"},{"fixed":"0.29.5"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3816.json"}}],"schema_version":"1.7.3"}