Upstream information
Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Initially assigned to document an issues that allows guest VM to modify the host's Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| CNA (VulnCheck) | |
|---|---|
| Base Score | 5.4 |
| Vector | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Attack Vector | Local |
| Attack Complexity | Low |
| Attack Requirements | Present |
| Privileges Required | Low |
| User Interaction | Active |
| Vulnerable System Confidentiality Impact | High |
| Vulnerable System Integrity Impact | High |
| Vulnerable System Availability Impact | High |
| Subsequent System Confidentiality Impact | None |
| Subsequent System Integrity Impact | None |
| Subsequent System Availability Impact | None |
| CVSSv4 Version | 4.0 |
SUSE Timeline for this CVE
CVE page created: Thu Jul 3 00:00:40 2025CVE page last modified: Mon Sep 1 16:31:02 2025