CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:12359
https://access.redhat.com/security/cve/CVE-2025-5791
https://bugzilla.redhat.com/show_bug.cgi?id=2370001
https://crates.io/crates/users
https://github.com/ogham/rust-users/issues/44
https://rustsec.org/advisories/RUSTSEC-2025-0040.html

Configurations

No configuration.

History

31 Jul 2025, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:12359 -

09 Jun 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 14:15

Updated : 2025-07-31 16:15

NVD link : CVE-2025-5791

Mitre link : CVE-2025-5791

CVE.ORG link : CVE-2025-5791

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

7.1 /10