CVE-2026-25707 PUBLISHED

Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

Assigner: suse
Reserved: 05.02.2026 Published: 29.06.2026 Updated: 29.06.2026

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SUSE
Product	libzypp
Versions	Default: unaffected affected from 0 to 17.38.10 (excl.)

Credits

Michael Andres of SUSE finder

References

https://bugzilla.suse.com/show_bug.cgi?id=1259802
https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b

Problem Types

CWE-23 Relative path traversal CWE

Impacts

CAPEC-165 File Manipulation