What is CVE-2025-64343?

CVE-2025-64343 is a high-severity vulnerability in Conda Constructor, classified under CWE-289. CVSS score: 7.8/10. Published 2025-11-07.

How severe is CVE-2025-64343?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Conda Constructor

CVE-2025-64343

(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directorie…

EPSS: 0.000 (2.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Conda Constructor — versions < 3.13.0

Weakness classification (CWE)

CWE-289

References

https://github.com/conda/constructor/security/advisories/GHSA-vvpr-2qg4-2mrq (x_refsource_CONFIRM)
https://github.com/conda/constructor/commit/c368383710a7c2b81ad1b0ecb9724b38d3577447 (x_refsource_MISC)
https://github.com/conda/constructor/releases/tag/3.13.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-64343?: CVE-2025-64343 is a high-severity vulnerability in Conda Constructor, classified under CWE-289. CVSS score: 7.8/10. Published 2025-11-07.
How severe is CVE-2025-64343?: High severity. CVSS v3 base score is 7.8 out of 10.