CVE-2025-53391

Published: Jun 28, 2025Modified: Jun 30, 2025

9.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 6.0

Source: MITRE (Secondary)

Description

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://bugs.debian.org/1108288

Source: cve@mitre.org

https://deb.debian.org/debian/pool/main/z/zulucrypt/zulucrypt_6.2.0-1.dsc

Source: cve@mitre.org

https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f384c4d889d3387944e14ac70cfb9684b/debian/patches/fix_zulupolkit_policy.patch

Source: cve@mitre.org

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108288

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.