CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a
high
vulnerability
security
Summary
dpkg-deb (a tool that extracts and manages Debian package files) fails to properly set permissions on temporary directories when unpacking package contents, potentially leaving temporary files behind. If an attacker repeatedly sends malicious packages or uses highly compressible files placed in directories that can't be deleted by regular users, this could fill up the disk and cause a denial of service (DoS, a situation where a system becomes unusable due to resource exhaustion).
Vulnerability Details
CVSS Score
8.2 (high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
availability
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-6297
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%