OPENSUSE-SU-2025:20073-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2025-11065 CVE-2025-58058

Published: 20 Nov 2025, 17:26

Last modified:23 Mar 2026, 04:54

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Nov 2025, 17:26

Published

Vulnerability first disclosed

23 Mar 2026, 04:54

Last Modified

Vulnerability information updated

Description

Security update for alloy This update for alloy fixes the following issues: - CVE-2025-58058: Removed dependency on vulnerable github.com/ulikunitz/xz (bsc#1248960). - CVE-2025-11065: Fixed sensitive information leak in logs (bsc#1250621).

Affected Systems

opensuse•alloy&distro=openSUSE Leap 16.0
< 1.11.3-160000.1.1

References (4)

https://bugzilla.suse.com/1248960
https://bugzilla.suse.com/1250621
https://www.suse.com/security/cve/CVE-2025-11065
https://www.suse.com/security/cve/CVE-2025-58058