- Last update: 01/07/2025
- Affected software:
→ Registrator.jl
- Type: Remote code execution
- CVE/CVSS
→ CVE-2025-52480: CVSS 8.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U)
→ CVE-2025-52483: CVSS 8.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U)
https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-w8jv-rg3h-fc68
https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-589r-g8hf-xx59
JuliaRegistries published security advisories to address two injection vulnerabilities affecting Registrator.jl which can be exploited to perform remote code execution.
Registrator is a GitHub app that automates the creation of registration pull requests for Julia packages to the General registry. GitHub is regularly used by threat actors to host malicious packages as part of their attack flow. Open-source repositories have been targeted in the past.
A threat actor could exploit the vulnerabilities in Registrator to inject a script or a malicious clone URL to achieve remote code execution.
JuliaRegistries is not aware of active exploitation (cut-off date: 30 June 2025).
Exploitation of either vulnerability can have a high impact on confidentiality, integrity and availability.
CVE-2025-52480 is an argument injection vulnerability affecting the gettreesha() function of the Registrator app.
If the clone URL returned by GitHub is malicious, or if it can be injected using upstream vulnerabilities, a threat actor could leverage an argument injection to achieve remote code execution.
CVE-2025-52483 is a command injection vulnerability within the withpasswd() function of the Registrator app.
If the clone URL returned by GitHub is malicious, or if it can be injected using upstream vulnerabilities, a threat actor could inject a shell script to achieve remote code execution.
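Both issues come from an untrusted clone URL reaching a git invocation. The following is an added illustration of the two defensive patterns involved. It is not code from Registrator.jl or from the advisories, and the function names, the allowed host and the sample URLs are assumptions constructed for this example.

```python
import re

# Assumption for this example: only HTTPS clone URLs on github.com of the
# form https://github.com/<owner>/<repo>[.git] are expected.
CLONE_URL = re.compile(
    r"https://github\.com/"
    r"[A-Za-z0-9][A-Za-z0-9._-]*/"   # owner: must not start with '-' or '.'
    r"[A-Za-z0-9][A-Za-z0-9._-]*"    # repository name, optional .git suffix
)

def validate_clone_url(url: str) -> str:
    """Return the URL unchanged if it is acceptable, else raise ValueError."""
    # Argument injection: a value starting with '-' is parsed by git as an
    # option rather than as a repository location.
    if url.startswith("-"):
        raise ValueError("value would be parsed as a command-line option")
    # Command injection: whitespace, quotes, ';', '$', backticks and similar
    # characters only matter if the value reaches a shell. fullmatch() on a
    # strict allowlist rejects all of them, including a trailing newline.
    if not CLONE_URL.fullmatch(url):
        raise ValueError("value is not an expected GitHub HTTPS clone URL")
    return url

def build_clone_argv(url: str, dest: str) -> list[str]:
    """Build an argv list for subprocess.run(argv) (never shell=True)."""
    # '--' ends option parsing, so everything after it is positional even if
    # validation were ever loosened. A list argv never passes through a shell.
    return ["git", "clone", "--quiet", "--", validate_clone_url(url), dest]

def classify(url: str) -> str:
    """Helper for logging and tests: 'accepted' or 'rejected: <reason>'."""
    try:
        validate_clone_url(url)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisories.
    samples = [
        "https://github.com/JuliaLang/Example.jl.git",
        "--some-option=value",
        "https://github.com/owner/repo.git; echo injected",
    ]
    for s in samples:
        print(f"{s!r}: {classify(s)}")
```
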
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Please note that all versions prior to v1.9.5 are vulnerable and that there are no workarounds.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.