Vulnerability Report

CVE-2025-65105

Title: Apptainer container can disable --security options

Other

Proof Of Concept

No public PoC currently indexed for CVE-2025-65105.

CWE Category CWE-61

Published Date Dec 02, 2025

Modified Date Dec 05, 2025

Exploit Status Not Found

Score 4.5 CVSS v3.1

Exploit Probability (EPSS)

0.19%

Vulnerability Summary

CVE-2025-65105: Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label> which otherwise put restrictions on operations that containers can do. The --security option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5.

Impacted Vendors

lfprojects 1

Reference Links

https://github.com/apptainer/apptainer/commit/4313b42717e18a4add7dd7503528bc15af905981 https://github.com/apptainer/apptainer/commit/82f17900a0c31bc769bf9b4612d271c7068d8bf2 https://github.com/apptainer/apptainer/pull/3226 https://github.com/apptainer/apptainer/security/advisories/GHSA-j3rw-fx6g-q46j https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/sylabs/singularity/security/advisories/GHSA-wwrx-w7c9-rf87

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

4.5

Attack Vector

LOCAL

Complexity

HIGH

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

5.3

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2025-65105 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

December 05, 2025 MODIFIED

Vulnerability data or affected products updated.

December 05, 2025 MODIFIED

Vulnerability data updated via NVD.

December 02, 2025 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL

Complexity HIGH

Privileges N/A

Interaction REQUIRED

CVSS Vector String


                                    CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Stack

No specific products linked.