SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/41xxx/CVE-2025-41259.json",
"cna_assigner": "sba-research",
"cwe_ids": [
"CWE-367"
]
}