Upstream information
Description
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
CNA (MITRE) | |
---|---|
Base Score | 3.2 |
Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Changed |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Low |
CVSSv3 Version | 3.1 |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15248 |
SUSE Timeline for this CVE
CVE page created: Tue Jun 24 18:30:13 2025CVE page last modified: Mon Jul 7 12:42:03 2025