CVE-2025-64185 | THREATINT

Description

Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability.

PUBLISHED Reserved 2025-10-28 | Published 2025-11-20 | Updated 2025-11-21 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-277: Insecure Inherited Permissions

CWE-552: Files or Directories Accessible to External Parties

Product status

< 4.0.8

affected

< 3.1.16

affected

References

github.com/...demand/security/advisories/GHSA-r2cg-hg78-gq9p

cve.org (CVE-2025-64185)

nvd.nist.gov (CVE-2025-64185)

Download JSON