CVE-2025-53391

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://bugs.debian.org/1108288
https://deb.debian.org/debian/pool/main/z/zulucrypt/zulucrypt_6.2.0-1.dsc
https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f384c4d889d3387944e14ac70cfb9684b/debian/patches/fix_zulupolkit_policy.patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108288

Configurations

No configuration.

History

30 Jun 2025, 18:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-28 22:15

Updated : 2025-06-30 18:38

NVD link : CVE-2025-53391

Mitre link : CVE-2025-53391

CVE.ORG link : CVE-2025-53391

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

9.3 /10