{"id":"USN-8359-1","summary":"nncp vulnerability","details":"It was discovered that NNCP did not properly sanitize file paths\nin packet data during file requesting and file saving operations. A\nremote attacker could possibly use this issue to read or write\narbitrary files outside of the intended directory.","modified":"2026-06-01T20:32:56.633545568Z","published":"2026-06-01T15:04:39Z","related":["UBUNTU-CVE-2025-60020"],"upstream":["CVE-2025-60020","UBUNTU-CVE-2025-60020"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8359-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-60020"}],"affected":[{"package":{"name":"nncp","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/nncp?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.0-1ubuntu0.1+esm3"}]}],"versions":["7.7.0-4","8.0.0-1","8.0.2-1","8.5.0-1","8.5.0-1ubuntu0.1","8.5.0-1ubuntu0.1+esm1","8.5.0-1ubuntu0.1+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"nncp","binary_version":"8.5.0-1ubuntu0.1+esm3"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2025-60020","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8359-1.json"}},{"package":{"name":"nncp","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/nncp?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.10.0-8ubuntu0.3+esm3"}]}],"versions":["8.8.2-4build1","8.9.0-1","8.10.0-3","8.10.0-4","8.10.0-5","8.10.0-6","8.10.0-7","8.10.0-8","8.10.0-8ubuntu0.1","8.10.0-8ubuntu0.2","8.10.0-8ubuntu0.2+esm1","8.10.0-8ubuntu0.3","8.10.0-8ubuntu0.3+esm1","8.10.0-8ubuntu0.3+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"8.10.0-8ubuntu0.3+esm3","binary_name":"nncp"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"id":"CVE-2025-60020","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8359-1.json"}},{"package":{"name":"nncp","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/nncp?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.11.0-4+deb13u1build0.25.10.1"}]}],"versions":["8.11.0-3","8.11.0-4"],"ecosystem_specific":{"binaries":[{"binary_version":"8.11.0-4+deb13u1build0.25.10.1","binary_name":"nncp"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-60020"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8359-1.json"}}],"schema_version":"1.7.5"}