CVEFinder.io

CVE-2025-7519

đŸ”ļ medium
Summary

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

CVSS Score
6.7
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-07-14
First Seen: 2026-01-05
Last Modified 2025-08-11
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-787

🔗 References 4

https://access.redhat.com/security/cve/CVE-2025-7519
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2379675
Issue Tracking
https://github.com/polkit-org/polkit/commit/107d3801...
Patch
https://github.com/polkit-org/polkit/pull/570
Patch

đŸ“Ļ Affected Products 6

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
redhat openshift_container_platform Affected
v4.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 đŸ”ļ medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 đŸ”ļ medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-9784 ⚠ī¸ high 7.5 0.4 A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering ab... 2025-09-02
CVE-2025-8283 ℹī¸ low 3.7 0.0 A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman se... 2025-07-28
CVE-2025-32988 đŸ”ļ medium 6.5 0.1 A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the expo... 2025-07-10
CVE-2025-32989 đŸ”ļ medium 5.3 0.1 A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Cert... 2025-07-10
These CVEs affect the same products