AZL-65379

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65379.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-65379

Upstream

CVE-2025-7519

Published

2025-07-14T14:15:25Z

Modified

2026-04-21T04:37:35.188028Z

Summary

CVE-2025-7519 affecting package polkit for versions less than 0.119-4

Details

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-7519

Affected packages

Azure Linux:2 / polkit

Package

Name: polkit
Purl: pkg:rpm/azure-linux/polkit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.119-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65379.json"