CVE-2025-53391

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53391

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53391.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53391

Downstream

DEBIAN-CVE-2025-53391

UBUNTU-CVE-2025-53391

USN-8218-1

Published

2025-06-28T22:15:23Z

Modified

2026-04-10T05:30:49.467074Z

Summary

[none]

Details

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt6.2.0-1 package has insecure PolicyKit allowany/allowinactive/allowactive settings that allow a local user to escalate their privileges to root.

References

https://bugs.debian.org/1108288
https://deb.debian.org/debian/pool/main/z/zulucrypt/zulucrypt_6.2.0-1.dsc
https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f384c4d889d3387944e14ac70cfb9684b/debian/patches/fix_zulupolkit_policy.patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108288

CVE-2025-53391

Affected packages