CVE-2025-32438
published 2025-04-15CVE-2025-32438: make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable…
PriorityP344high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EPSS
0.15%
4.8th percentile
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nixos | nixpkgs | < b17590193d8e5697000c23c66afcf11e1753734d | b17590193d8e5697000c23c66afcf11e1753734d |
| nixos | nixpkgs | < fbf76bf72b161b9f4ab97704a8258776d5f3ffba | fbf76bf72b161b9f4ab97704a8258776d5f3ffba |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-15
Published