CVE-2025-53819 — Privilege Dropping / Lowering Errors in Nix
Severity
7.9 HIGH (NVD)
EPSS
0.0%
top 92.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 14
Description
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root) instead of as the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Exploitability: 2.0 | Impact: 5.3
Affected Packages: 2 packages
Vendor Advisories
Debian (1)
CVE-2025-53819: nix - Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.... (2025)