CVE-2025-7519
published 2025-07-14CVE-2025-7519: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | policykit-1 | < policykit-1 127-1 (forky) | policykit-1 127-1 (forky) |
| hono | hono | >= 1.1.0 < 4.10.2 | 4.10.2 |
| msrc | azl3_polkit_123-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_polkit_0.119-4_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.7MEDIUM