CVE-2025-32435

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-32435

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32435.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32435

Aliases

GHSA-j7w7-965w-vjxw

Published

2025-04-15T22:19:46.856Z

Modified

2026-04-10T05:25:53.860866Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Hydra no restricted eval after nix-eval-jobs migration

Details

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively.

Database specific

{
    "cwe_ids": [
        "CWE-95"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32435.json"
}

References

Affected packages

Git / github.com/nixos/hydra

Affected ranges

Type: GIT
Repo: https://github.com/nixos/hydra
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8d750265135b7e203520036a742afdf301b4013f

Type: GIT
Repo: https://github.com/nixos/nix-eval-jobs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e376e07271dd405d5427e2dd4a29864fb5347f34

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v2.*

v2.12.0

v2.12.1

v2.14.0

v2.17.0

v2.17.1

v2.18.0

v2.21.0

v2.22.1

v2.23.0

v2.24.0

v2.24.1

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.9.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2025-04-11"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32435.json"