Vulnerabilities

CVE-2025-59378

by Fred · 15/09/2025

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

More information : https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45

Similar

Tags: Cybersecurity Alert