5.7
CVE-2025-59378
- EPSS 0.02%
- Veröffentlicht 15.09.2025 00:00:00
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGNU
≫
Produkt
Guix
Default Statusunaffected
Version
0
Version <
1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.042 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 5.7 | 2.5 | 2.7 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
CWE-669 Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.