CVE-2025-53104
Published: 2025-07-01
Priority: P2 59 · Critical 9.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.19% (63.9th percentile)
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly interpolated into shell commands in a run: block. An attacker could craft a malicious GitHub Discussion title or body (e.g., $(curl ...)) to execute arbitrary shell commands on the Actions runner. This issue has been fixed in commit e6b4271 where the discussion-to-slack.yml workflow was removed. Users should remove the discussion-to-slack.yml workflow if using a fork or derivative of this repository.
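The pattern the advisory describes, as an added example that is not code from the gluestack-ui repository: a small scanner (assumed names `find_unsafe_run_steps` and `SAMPLE_WORKFLOW`) that flags `run:` steps expanding attacker-controlled event fields directly in the shell, run over a constructed workflow containing the weak step beside its hardened `env:` form. The actual fix removed the workflow; the `env:` form is GitHub's documented hardening for workflows that must keep such a step.

```python
import re

# Constructed sample workflow (not the project's real discussion-to-slack.yml).
# The weak step expands the discussion title inside the shell command, so the
# expression is substituted before bash parses the line; the hardened step
# passes the same value through an environment variable, where it is only data.
SAMPLE_WORKFLOW = """\
name: discussion-to-slack
on:
  discussion:
    types: [created]
jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: weak step (expression expands before the shell runs)
        run: |
          echo "New discussion: ${{ github.event.discussion.title }}"
      - name: hardened step (value reaches the shell as data, not code)
        env:
          TITLE: ${{ github.event.discussion.title }}
        run: |
          echo "New discussion: $TITLE"
"""

# Event fields an outside contributor controls (GitHub's hardening guidance lists these).
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*github\.(event\.(discussion|issue|pull_request)\.(title|body)"
    r"|event\.comment\.body|event\.review\.body|event\.head_commit\.message"
    r"|head_ref)[^}]*\}\}"
)

def find_unsafe_run_steps(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line number, text) for each run: line that expands an untrusted field."""
    hits, in_run, run_indent = [], False, 0
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        key = stripped[2:] if stripped.startswith("- ") else stripped   # drop list dash
        if key.startswith("run:"):
            # A block scalar continues while lines are indented deeper than the key.
            in_run, run_indent = True, indent + (len(stripped) - len(key))
            if UNTRUSTED.search(key[len("run:"):]):
                hits.append((lineno, key))
        elif in_run and stripped and indent <= run_indent:
            in_run = False  # back at the step's own level: the run: block ended
        elif in_run and UNTRUSTED.search(line):
            hits.append((lineno, stripped))
    return hits
```

Calling `find_unsafe_run_steps(SAMPLE_WORKFLOW)` returns only the weak step's `echo` line (line 11 of the sample); the `env:`-passed variant is not flagged because the expression never appears inside a `run:` block.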
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gluestack | gluestack-ui | < e6b4271 | e6b4271 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| osv | 7.8 | HIGH | |
| cisa | 7.8 | HIGH | |
OSV · 2025-03-13 · CVSS 7.8 · CVE-2025-0927: linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
OSV · 2025-03-07 · CVSS 7.8 · CVE-2025-0927: linux-nvidia vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
OSV · 2025-03-05 · CVSS 7.8 · CVE-2025-0927: linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
(CVE-2024-50274, CVE-2024-53104, CVE-2024-53064)
OSV · 2025-03-05 · CVSS 7.8 · CVE-2025-0927: linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
CISA · 2025-02-05 · CVSS 7.8 · CVE-2024-53104 [HIGH] CWE-787: Linux Kernel Out-of-Bounds Write Vulnerability
Affected: Linux Kernel
Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-53104
Remediation Due Date: 2025-02-26
No detection rules found.
No public exploits indexed.