CVE-2025-5199

{"id": "CVE-2025-5199", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-07-12T00:15:23.460", "references": [{"url": "https://github.com/canonical/multipass/pull/4115", "tags": ["Issue Tracking", "Patch"], "source": "security@ubuntu.com"}, {"url": "https://github.com/canonical/multipass/security/advisories/GHSA-2j82-p5cq-62p3", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://github.com/canonical/multipass/security/advisories/GHSA-2j82-p5cq-62p3", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup."}, {"lang": "es", "value": "En Canonical Multipass hasta la versi\u00f3n 1.15.1 incluida en macOS, los permisos predeterminados incorrectos permiten que un atacante local aumente los privilegios modificando archivos ejecutados con privilegios administrativos por un Launch Daemon durante el inicio del sistema."}], "lastModified": "2025-08-26T18:37:22.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canonical:multipass:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9686E3D5-2990-4588-827F-95994C955DFD", "versionEndExcluding": "1.16.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@ubuntu.com"}