CVE-2025-53881

CWE-614 documents4 sources
Severity
6.9MEDIUM
EPSS
0.0%
top 92.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opensuse Tumbleweed
Timeline
PublishedOct 2

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5opensuse/tumbleweed? — 4.98.2-lp156.248.1

🔴Vulnerability Details

2
CVEList
SUSE-specific logrotate configuration allows escalation from mail user/group to root↗2025-10-02
â–¶
GHSA
GHSA-mj4q-r4hv-qwvc: A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to ro↗2025-10-02
â–¶

📋Vendor Advisories

1
Debian
CVE-2025-53881: exim4 - A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in th...↗2025
â–¶
CVE-2025-53881 (MEDIUM CVSS 6.9) | A UNIX Symbolic Link (Symlink) Foll | cvebase.io