CVE-2017-7501

Name: CVE-2017-7501
Creator: NVD / NIST
Published: 2017-11-22T22:29:00.27+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.39%

Last modified Jun 17, 2026

CVE-2017-7501 is a vulnerability of currently unknown severity. It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

Metrics

EPSS Probability

0.39%

31.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Rpm	Rpm	< 4.13.0.3

References

Timeline

Published: Nov 22, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-7501?

How severe is CVE-2017-7501?

Severity scoring for CVE-2017-7501 is pending analysis. The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.

How do I fix CVE-2017-7501?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7501?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST