{"uuid": "fe9c40e7-e4b2-4496-b5c2-2f47410c759e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6297", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6297\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: It was discovered that dpkg does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data, which may lead to leave temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up with a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.\n\ud83d\udccf Published: 2025-07-01T16:16:54.624Z\n\ud83d\udccf Modified: 2025-07-01T16:16:54.624Z\n\ud83d\udd17 References:\n1. https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82", "creation_timestamp": "2025-07-01T17:08:44.000000Z"}