How severe is CVE-2025-31484?

This vulnerability has a severity rating of CRITICAL with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-31484?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-31484 - CRITICAL Severity | CVSS N/A

Vulnerability Description

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found.

Related Vulnerabilities

CVE-2015-2692

CRITICAL

CVSS:10.0(Critical)

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.

CWE-2842015

CVE-2016-1038

CRITICAL

CVSS:10.0(Critical)

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers...

CWE-2842016

CVE-2016-1041

CRITICAL

CVSS:10.0(Critical)

CWE-2842016

CVE-2016-1044

CRITICAL

CVSS:10.0(Critical)

CWE-2842016

CVE-2016-8938

CRITICAL

CVSS:10.0(Critical)

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cus...

CWE-2842016

CVE-2017-7928

CRITICAL

CVSS:10.0(Critical)

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The de...

CWE-2842017