CVE-2025-23394

CWE-615 documents5 sources
Severity
9.8CRITICAL
EPSS
0.7%
top 27.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Suse Opensuse Tumbleweed
Timeline
PublishedMay 26

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

ā–¶CVEListV5suse/opensuse_tumbleweed? ā€” 3.8.4-2.1

šŸ”“Vulnerability Details

3
OSV
CVE-2025-23394: A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to rootā†—2025-05-26
ā–¶
GHSA
GHSA-q5xr-h2vq-97x6: A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to rootā†—2025-05-26
ā–¶
CVEList
daily-backup.sh script in cyrus-imapd allows escalation from cyrus to rootā†—2025-05-26
ā–¶

šŸ“‹Vendor Advisories

1
Debian
CVE-2025-23394: cyrus-imapd - A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cy...ā†—2025
ā–¶
CVE-2025-23394 (CRITICAL CVSS 9.8) | A UNIX Symbolic Link (Symlink) Foll | cvebase.io