6.7

CVE-2025-7519

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.081
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-7519
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2379675
Issue Tracking
https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245
Patch
https://github.com/polkit-org/polkit/pull/570
Patch