SecuriTricks - CVE-2025-65100

Description

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb.

Product(s) Impacted

Vendor	Product	Versions
Isar	Isar	0.11-rc1, 0.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	isar	isar	0.11-rc1	/	/	/	/	/	/	/
a	isar	isar	0.11	/	/	/	/	/	/	/

References

https://github.com/ilbers/isar/commit/3383fd808a4ced93e41e012660dfe364a3384434

https://github.com/ilbers/isar/commit/738bcbb716c7eb7b34cbb2293cae4f264b3925fe

https://github.com/ilbers/isar/security/advisories/GHSA-3r9w-6cp6-7hm4

CVSS Score

6.9 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Nov. 19, 2025, 7:15 p.m.
Last Modified: Nov. 19, 2025, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVE-2025-65100