Security Advisory

CVE-2025-27510

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-04 21:48:12
Last updated 2025-03-05 16:37:33
Assigner GitHub_M
State PUBLISHED

Description

conda-forge-metadata provides programatic access to conda-forges metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in remote code execution.