CVE-2025-0781: Incorrect Authorization in Flightgear

Severity: 9.9 CRITICAL (NVD)
EPSS: 0.0% (top 87.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 28; Latest update Jan 15

Description

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages (6 packages)

debian: debian/simgear < flightgear 1:2020.3.16+dfsg-1+deb12u1 (bookworm)
debian: debian/flightgear < flightgear 1:2020.3.16+dfsg-1+deb12u1 (bookworm)
Debian: simgear/simgear < 1:2020.3.6+dfsg-1+deb11u1+3
Debian: flightgear/flightgear < 1:2020.3.6+dfsg-1+deb11u1+3
NVD: flightgear/simgear 2020.3.19

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2025-0781: An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating- (2025-01-28)
GHSA: GHSA-555q-7wq3-w6ch: An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating- (2025-01-28)

📋 Vendor Advisories (3)

Ubuntu: SimGear vulnerability (2026-01-15)
GitLab: Incorrect Authorization in SimGear (2025-01-28)
Debian: CVE-2025-0781: flightgear - An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to ... (2025)