CVE-2023-7216
Linux Ubuntu vulnerability analysis and mitigation

Overview

A path traversal vulnerability (CVE-2023-7216) was discovered in the CPIO utility, primarily affecting Unix-like operating systems. The vulnerability was first reported on February 5, 2024. It allows a remote unauthenticated attacker to trick a user into extracting a specially crafted archive: during extraction, CPIO can follow a symlink stored in the archive to a location outside the intended extraction directory, so that later entries are written into arbitrary directories through that symlink (NVD, Security Online).

Technical details

The vulnerability stems from CPIO's handling of symbolic links during the extraction process. By default, CPIO follows stored symlinks within archives without verifying their final destination. The vulnerability has received a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The issue is classified under CWE-59 (Improper Link Resolution Before File Access) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

Impact

The vulnerability could allow attackers to write files in sensitive locations such as ~/.ssh, ~/.bashrc, or ~/.config/autostart/, potentially leading to unauthorized access, privilege escalation, or remote command execution on the victim's system. The impact extends beyond individual users to software ecosystems that incorporate CPIO as a component (Security Online).

Mitigation and workarounds

The upstream maintainers have disputed this vulnerability and consider the behavior normal. They recommend the --no-absolute-filenames option as a mitigation, which prevents the attack. This fix will likely be included in RHEL 10, though earlier versions remain unpatched (Debian Tracker, Red Hat Bugzilla).
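The symlink-following behaviour described under Technical details, and the absolute-path case that --no-absolute-filenames addresses, can be checked for before an archive is ever handed to cpio. The following is an added example, not code from cpio or from this page: it parses the cpio "newc" format (the 110-byte ASCII header written by cpio -H newc) and flags records that would escape the extraction root, including a file whose path passes through a symlink stored earlier in the same archive. The sample archive is constructed in memory; the entry names and targets are made up for the demonstration.

```python
import posixpath
MAGIC, HDR_LEN = b"070701", 110
S_IFMT, S_IFLNK = 0o170000, 0o120000
pad4 = lambda n: (n + 3) & ~3  # newc aligns both the name and the data to 4 bytes

def newc_entry(name, mode, data=b""):
    # Build one newc record: 110-byte ASCII header, NUL-terminated name, padding, data.
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name) + 1, 0]
    body = MAGIC + b"".join(b"%08x" % f for f in fields) + name.encode() + b"\0"
    body += b"\0" * (pad4(len(body)) - len(body))
    return body + data + b"\0" * (pad4(len(data)) - len(data))

def iter_newc(buf):
    """Yield (name, mode, data) per record, stopping at the TRAILER!!! entry."""
    off = 0
    while off + HDR_LEN <= len(buf):
        hdr = buf[off:off + HDR_LEN]
        if hdr[:6] != MAGIC:
            raise ValueError("bad newc magic at offset %d" % off)
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        name = buf[off + HDR_LEN:off + HDR_LEN + namesize - 1].decode()
        data_off = off + pad4(HDR_LEN + namesize)
        if name == "TRAILER!!!":
            return
        yield name, mode, buf[data_off:data_off + size]
        off = data_off + pad4(size)

def find_unsafe_entries(buf):
    """Return [(name, reason)] for records that should block extraction."""
    findings, symlinks = [], set()
    for name, mode, data in iter_newc(buf):
        norm = posixpath.normpath(name)
        if norm == ".." or norm.startswith(("/", "../")):
            findings.append((name, "absolute path or parent-directory traversal"))
        elif any("/".join(norm.split("/")[:i]) in symlinks for i in range(1, norm.count("/") + 1)):
            findings.append((name, "path passes through a symlink stored earlier in the archive"))
        elif mode & S_IFMT == S_IFLNK:  # resolve the target relative to the link's directory
            target = data.decode()
            resolved = posixpath.normpath(posixpath.join(posixpath.dirname(norm), target))
            if resolved == ".." or resolved.startswith(("/", "../")):
                findings.append((name, "symlink target escapes the extraction root: " + target))
        if mode & S_IFMT == S_IFLNK:
            symlinks.add(norm)  # later paths must not route through any stored symlink
    return findings

# Constructed in-memory sample (nothing is extracted): a harmless relative link,
# a link out of the root, and a file that would be written through that link.
SAMPLE = (newc_entry("safe/readme.txt", 0o100644, b"hello\n") + newc_entry("safe/rel", 0o120777, b"readme.txt")
          + newc_entry("escape", 0o120777, b"../outside") + newc_entry("escape/dropped", 0o100644, b"x\n")
          + newc_entry("TRAILER!!!", 0))
```

find_unsafe_entries(SAMPLE) reports the escaping symlink and the file routed through it, while the relative link inside safe/ is left alone; an archive that passes this check can then be extracted with --no-absolute-filenames as the page recommends.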

Community reactions

The vulnerability has sparked discussion in the security community, with some experts noting similarities to a previous vulnerability (CVE-2015-1197). The upstream community has rejected CVE-2023-7216, stating that they do not consider it a bug, which has led to debate about its severity rating; the rating has been changed from high to moderate and may be lowered further to low (Red Hat Bugzilla).

This report was generated using AI.

Related Linux Ubuntu vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-24528 | HIGH | 7.1 | Kerberos | crypto-policies | No | Yes | Jan 16, 2026 |
| CVE-2025-24531 | MEDIUM | 6.7 | Linux Debian | pam-pkcs11 | No | Yes | Jan 16, 2026 |
| CVE-2025-43904 | MEDIUM | 4.2 | Linux Debian | slurm_22_05-munge | No | Yes | Jan 16, 2026 |
| CVE-2025-71144 | N/A | N/A | Linux Debian | linux-azure-fips | No | Yes | Jan 14, 2026 |
| CVE-2025-71143 | N/A | N/A | Linux Debian | linux-oem-6.14 | No | No | Jan 14, 2026 |
