CVE-2025-3931

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:7592
https://access.redhat.com/security/cve/CVE-2025-3931
https://bugzilla.redhat.com/show_bug.cgi?id=2362345
https://github.com/RedHatInsights/yggdrasil/pull/336

Configurations

No configuration.

History

25 Jul 2025, 22:15

Type	Values Removed	Values Added
References		() https://github.com/RedHatInsights/yggdrasil/pull/336 -

16 May 2025, 14:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 12:15

Updated : 2025-07-25 22:15

NVD link : CVE-2025-3931

Mitre link : CVE-2025-3931

CVE.ORG link : CVE-2025-3931

JSON object : View

Products Affected

No product.

CWE

CWE-280

Improper Handling of Insufficient Permissions or Privileges

{"id": "CVE-2025-3931", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-05-14T12:15:19.493", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:7592", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-3931", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362345", "source": "secalert@redhat.com"}, {"url": "https://github.com/RedHatInsights/yggdrasil/pull/336", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-280"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's \"worker\" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. \n\nThis flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Yggdrasil, que act\u00faa como intermediario del sistema, permitiendo que los procesos se comuniquen con los procesos \"worker\" de otros subordinados a trav\u00e9s del componente DBus. Yggdrasil crea un m\u00e9todo DBus para enviar mensajes a los trabajadores. Sin embargo, omite las comprobaciones de autenticaci\u00f3n y autorizaci\u00f3n, lo que permite que cualquier usuario del sistema lo invoque. Un trabajador de Yggdrasil disponible act\u00faa como gestor de paquetes, con la capacidad de crear y habilitar nuevos repositorios e instalar o eliminar paquetes. Esta falla permite a un atacante con acceso al sistema aprovechar la falta de autenticaci\u00f3n en el mensaje de env\u00edo para forzar al trabajador de Yggdrasil a instalar paquetes RPM arbitrarios. Este problema provoca una escalada de privilegios local, lo que permite al atacante acceder y modificar datos confidenciales del sistema."}], "lastModified": "2025-07-25T22:15:25.153", "sourceIdentifier": "secalert@redhat.com"}