Miggo Logo
Book a Demo
Miggo Vulnerability Database
CVE-2025-5981

CVE-2025-5981:
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal

5.7

CVSS Score

Basic Information

CVE ID
CVE-2025-5981
GHSA ID
GHSA-2hcm-q3f4-fjgw
EPSS Score
-
CWE
CWE-427
Published
6/18/2025
Updated
6/18/2025
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/google/osv-scalibrgo>= 0.1.3, < 0.2.10.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability (CVE-2025-5981) is an arbitrary file write due to path traversal in OSV-SCALIBR's container image unpacking functionality. This occurs when processing malicious container images, particularly via the --remote-image CLI flag.

The root cause was the improper handling of file paths extracted from tar archive headers within container image layers. Specifically, paths were constructed by combining a base extraction directory with file/directory names from the tar entries. Insufficient sanitization of these names (e.g., not fully mitigating ../ sequences) allowed an attacker to craft tar entries that, when unpacked, would write files or create directories outside the intended extraction directory.

The patch (commit 2444419b1818c2d6917fc3394c947fb3276e9d59) addresses this by introducing the os.Root API. This API provides a way to confine file system operations to a specific root directory, effectively creating a chroot-like jail for the unpacking process.

The key functions involved were:

  1. (*Image).handleFile: Pre-patch, this function used os.OpenFile with a potentially traversed path (realFilePath) to write files. The patch changed this to use img.root.OpenFile, ensuring writes are contained.
  2. (*Image).handleDir: Pre-patch, this function used os.MkdirAll with a potentially traversed path (realFilePath) to create directories. The patch modified path handling and uses img.root.Stat to ensure operations are relative to the safe root.
  3. fillChainLayersWithFilesFromTar: This function was responsible for reading tar entries and, pre-patch, for constructing the realFilePath that was then passed to handleFile and handleDir. The logic for path cleaning here was insufficient. The patch removed this direct path construction, relying on the os.Root context.
  4. FromV1Image: This function orchestrates the image unpacking. The patch introduced the creation and use of an os.Root object here, which is then used by the lower-level functions.

During exploitation, these functions (in their pre-patch state) would be on the call stack. handleFile or handleDir would be the functions directly executing the unsafe os.OpenFile or os.MkdirAll calls with the attacker-controlled path. The unpack() function mentioned in the advisory likely calls FromV1Image or a similar entry point that utilizes this vulnerable logic.

Vulnerable functions

github.com/google/osv-scalibr/artifact/image/layerscanning/image.(*Image).handleFile
artifact/image/layerscanning/image/image.go
This function is responsible for writing files extracted from container image layers. Prior to the patch, it used `os.OpenFile` with a path (`realFilePath`) that was constructed from potentially malicious tar header information. Insufficient path sanitization allowed for path traversal, leading to arbitrary file writes. The patch mitigates this by using `img.root.OpenFile`, which confines file operations to a designated root directory.
github.com/google/osv-scalibr/artifact/image/layerscanning/image.(*Image).handleDir
artifact/image/layerscanning/image/image.go
This function is responsible for creating directories based on entries from container image layers. Prior to the patch, it used `os.MkdirAll` with a path (`realFilePath`) constructed from potentially malicious tar header information. This allowed for path traversal, leading to arbitrary directory creation. The patch mitigates this by using `img.root.Stat` for checks and ensuring `os.MkdirAll` operates on paths safely rooted within `img.ExtractDir`.
github.com/google/osv-scalibr/artifact/image/layerscanning/image.fillChainLayersWithFilesFromTar
artifact/image/layerscanning/image/image.go
This function iterates through tar archive entries from an image layer. Before the patch, it was responsible for constructing the `realFilePath` by joining a base directory with the (insufficiently sanitized) path from the tar header. This `realFilePath` was then passed to `handleFile` and `handleDir`. The vulnerability originated in how this function processed and constructed these paths, which were then used unsafely by the file/directory handling functions. The patch refactored path handling to rely on the `os.Root` mechanism established in `FromV1Image`.
github.com/google/osv-scalibr/artifact/image/layerscanning/image.FromV1Image
artifact/image/layerscanning/image/image.go
This function is a higher-level entry point for processing a V1 container image. It initializes the image extraction environment. Before the patch, it set up and called into `fillChainLayersWithFilesFromTar` without the `os.Root` sandboxing, thereby enabling the path traversal vulnerability in the subsequent file and directory handling operations. The introduction of `os.Root` here is a key part of the fix.

WAF Protection Rules

WAF Rule

*r*itr*ry *il* writ* *s t** OSV-S**LI*R us*r on t** *ost syst*m vi* * p*t* tr*v*rs*l vuln*r**ility w**n usin* OSV-S**LI*R's unp**k() *un*tion *or *ont*in*r im***s. P*rti*ul*rly, w**n usin* t** *LI *l** --r*mot*-im*** on untrust** *ont*in*r im***s.

Reasoning

T** vuln*r**ility (*V*-****-****) is *n *r*itr*ry *il* writ* *u* to p*t* tr*v*rs*l in OSV-S**LI*R's *ont*in*r im*** unp**kin* *un*tion*lity. T*is o**urs w**n pro**ssin* m*li*ious *ont*in*r im***s, p*rti*ul*rly vi* t** `--r*mot*-im***` *LI *l**. T**