CVE-2025-32438

{"id": "CVE-2025-32438", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2025-04-15T20:15:39.533", "references": [{"url": "https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d", "source": "security-advisories@github.com"}, {"url": "https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba", "source": "security-advisories@github.com"}, {"url": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-378"}, {"lang": "en", "value": "CWE-379"}]}], "descriptions": [{"lang": "en", "value": "make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;."}, {"lang": "es", "value": "make-initrd-ng es una herramienta para copiar binarios y sus dependencias. La escalada de privilegios locales afecta a todos los usuarios de NixOS. Con systemd.shutdownRamfs.enable habilitado (predeterminado), un usuario local puede crear un programa que ser\u00e1 ejecutado por root durante el apagado. Existen parches para NixOS 24.11 y 25.05 (inestable). Como workaround, configure systemd.shutdownRamfs.enable = false;."}], "lastModified": "2025-04-16T13:25:59.640", "sourceIdentifier": "security-advisories@github.com"}