CVE-2025-64185
Description
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world-writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability.
Related Vulnerabilities
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The …
Insecure permissions in external-secrets v0.9.16 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
Insecure permissions in contour v1.28.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter …
Insecure permissions in kuma v2.7.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.