CVE-2015-1197

Exp

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Published: 2015-02-19 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2015-1197 is rated Exploit Available (51.4/100): CVSS Low severity, with medium exploitation likelihood (EPSS 2.91%). 3 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2015-1197

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2015-1197

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 3.94% 2.91% -1.04%
2 2026-06-10 3.33% 3.94% +0.61%
3 2026-05-07 3.33%

Full EPSS history (17 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2015-1197

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
1.9 2.0 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 3.4 2.9 [email protected]

Weakness enumeration for CVE-2015-1197

OS Trackers for CVE-2015-1197

vendor priority summary link
alpine CVE-2015-1197: 1 source package rows (cpio); 7 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.21-community, 3.22-community, edge-community); fixed 7, open 0. https://security.alpinelinux.org/vuln/CVE-2015-1197
debian low CVE-2015-1197 low priority: Debian including 1 source packages (cpio), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2015-1197
gentoo normal CVE-2015-1197: 1 GLSA(s) (201502-11), 1 atom(s) (app-arch/cpio); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-1197
redhat low https://access.redhat.com/security/cve/CVE-2015-1197
suse low CVE-2015-1197 severity low: SUSE including 16 source package names (cpio, cpio-2.13-150400.1.98, …), 40 product×package rows across 20 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, … (20 product lines)): Fixed 26, Known Not Affected 14. https://www.suse.com/security/cve/CVE-2015-1197/
ubuntu low CVE-2015-1197 low priority: Ubuntu including 1 source packages (cpio), 10 status rows across 10 suites (lucid, precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 4, ignored 3, released 3. https://ubuntu.com/security/CVE-2015-1197

NVD evaluator notes for CVE-2015-1197

Comment: <a href="http://cwe.mitre.org/data/definitions/61.html">CWE-61: UNIX Symbolic Link (Symlink) Following</a>

Affected software / configurations for CVE-2015-1197

Vendor Product Version Raw CPE
gnu cpio 2.11 cpe:2.3:a:gnu:cpio:2.11:*:*:*:*:*:*:*

References for CVE-2015-1197

cvelogic Threat Intelligence