CVE-2026-25707 | A relative path traversal bug problem when processing reposi… | CVSS 8.8 HIGH

Description

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.

Metadata

CVE ID: CVE-2026-25707
State: PUBLISHED
Assigner: suse
Reserved: 2026-02-05 15:37 UTC
Published: 2026-06-29 10:04 UTC
Last updated: 2026-06-29 11:44 UTC
Primary CWE: CWE-23
CWE-23 Relative path traversal
Vendor / Product: SUSE / libzypp
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
SUSE	libzypp	—	0 < 17.38.10

Weakness (CWE)

CWE	Source	Description
CWE-23	cna	CWE-23 Relative path traversal

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.8	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)