CVE-2025-65100 | THREATINT

Description

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb.

PUBLISHED Reserved 2025-11-17 | Published 2025-11-19 | Updated 2025-11-19 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-693: Protection Mechanism Failure

Product status

< 738bcbb716c7eb7b34cbb2293cae4f264b3925fe

affected

References

github.com/...s/isar/security/advisories/GHSA-3r9w-6cp6-7hm4

github.com/...ommit/3383fd808a4ced93e41e012660dfe364a3384434

github.com/...ommit/738bcbb716c7eb7b34cbb2293cae4f264b3925fe

cve.org (CVE-2025-65100)

nvd.nist.gov (CVE-2025-65100)

Download JSON