2.9
CVE-2025-46416
- EPSS 0.02%
- Published 27.06.2025 00:00:00
- Last modified 30.06.2025 18:38:48
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorNixOS
≫
Product
Nix
Default Statusunknown
Version <=
2.24.15
Version
0
Status
affected
Version <=
2.26.4
Version
2.25.0
Status
affected
Version <=
2.28.4
Version
2.27.0
Status
affected
Version <=
2.29.1
Version
2.29.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.03 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cve@mitre.org | 2.9 | 1.4 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-282 Improper Ownership Management
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.