CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:12359
https://access.redhat.com/security/cve/CVE-2025-5791
https://bugzilla.redhat.com/show_bug.cgi?id=2370001
https://crates.io/crates/users
https://github.com/ogham/rust-users/issues/44
https://rustsec.org/advisories/RUSTSEC-2025-0040.html

Configurations

No configuration.

History

31 Jul 2025, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:12359 -

09 Jun 2025, 12:15

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en el crate del usuario para Rust. Esta vulnerabilidad permite la escalada de privilegios mediante una lista de grupos incorrecta cuando un usuario o proceso tiene menos de exactamente 1024 grupos, lo que provoca la inclusión errónea del grupo raíz en la lista de acceso.

06 Jun 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 14:15

Updated : 2025-07-31 16:15

NVD link : CVE-2025-5791

Mitre link : CVE-2025-5791

CVE.ORG link : CVE-2025-5791

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

7.1 /10