CVE-2025-59378 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-59378 at MITRE

Description

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail	CNA (MITRE)
Base Score	5.7
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector	Local
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Changed
Confidentiality Impact	Low
Integrity Impact	Low
Availability Impact	None
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1249603 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Mon Sep 15 10:00:05 2025
CVE page last modified: Mon Oct 6 20:11:54 2025