CVE Catalog

CVE-2026-25707

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.60%

44th percentile — higher than 44% of all known CVEs

Summary

A relative path traversal vulnerability in libzypp before 17.38.10 allows remote attackers to overwrite system files by processing malicious repository metadata. This can lead to denial of service or privilege escalation.

Risk Assessment

The organization faces the risk of system compromise or service disruption by a remote attacker supplying a malicious repository.

Recommendation

Immediately update libzypp to version 17.38.10 or later and verify the trustworthiness of used repositories.

Original NVD description (English source)

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS