CVE-2025-27148Creation of Temporary File With Insecure Permissions in Gradle

CWE-378Creation of Temporary File With Insecure PermissionsCWE-379Creation of Temporary File in Directory with Insecure Permissions6 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 81.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GradleDebian Gradle
Timeline
PublishedFeb 25

Description

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platfor

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5gradle/gradle= 8.12
debiandebian/gradle

🔴Vulnerability Details

1
OSV
CVE-2025-27148: Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs2025-02-25

📋Vendor Advisories

2
Red Hat
gradle: Gradle vulnerable to local privilege escalation through system temporary directory2025-02-25
Debian
CVE-2025-27148: gradle - Gradle is a build automation tool, and its native-platform tool provides Java bi...2025

🕵️Threat Intelligence

2
Wiz
CVE-2026-22865 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-22816 Impact, Exploitability, and Mitigation Steps | Wiz