3.2
CVE-2025-52991
- EPSS 0.02%
- Published 27.06.2025 00:00:00
- Last modified 30.06.2025 18:38:48
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorNixOS
≫
Product
Nix
Default Statusunaffected
Version <
2.24.15
Version
0
Status
affected
Version <
2.26.4
Version
2.25.0
Status
affected
Version <
2.28.4
Version
2.27.0
Status
affected
Version <
2.29.1
Version
2.29.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.03 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cve@mitre.org | 3.2 | 1.4 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.