Vulnerability in Sylabs Singularity
CVE-2025-64750
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances…
EPSS: 0.001 (3.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.5 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L.
Affected products
- Sylabs Singularity — versions > 4.2.0-rc.1, < 4.3.5, < 4.1.11
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-64750?
- CVE-2025-64750 is a medium-severity vulnerability in Sylabs Singularity, classified under UNIX Symbolic Link (Symlink) Following. CVSS score: 4.5/10. Published 2025-12-02.
- How severe is CVE-2025-64750?
- Medium severity. CVSS v3 base score is 4.5 out of 10.