CVE-2025-52991

{"id": "CVE-2025-52991", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.4}]}, "published": "2025-06-27T14:15:41.253", "references": [{"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", "source": "cve@mitre.org"}, {"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", "source": "cve@mitre.org"}, {"url": "https://labs.snyk.io", "source": "cve@mitre.org"}, {"url": "https://lix.systems/blog/2025-06-24-lix-cves/", "source": "cve@mitre.org"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-52991", "source": "cve@mitre.org"}, {"url": "https://security.snyk.io/vuln/?search=CVE-2025-52991", "source": "cve@mitre.org"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."}], "lastModified": "2025-06-27T14:15:41.253", "sourceIdentifier": "cve@mitre.org"}