Rootio-Openexr Allows Malicious File Overwriting on Root Systems

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Rootio-Openexr Allows Malicious File Overwriting on Root Systems

ROOT-OS-DEBIAN-12-CVE-2025-12839

Summary

The rootio-openexr software on Root Debian 12 systems may allow an attacker to overwrite files on the system, potentially leading to data loss or system compromise. This issue has been patched, and users should update their rootio-openexr package to the latest version to prevent exploitation.

What to do

Update rootio-openexr to version 3.1.5-5.root.io.10.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-openexr	<= 3.1.5-5.root.io.10	3.1.5-5.root.io.10

Original title

CVE-2025-12839 in rootio-openexr - Patched by Root

Original description

Root has patched CVE-2025-12839 in the rootio-openexr package for Root:Debian:12. Multiple fixed versions available.

Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026