CVE-2025-53819

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53819

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53819.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53819

Aliases

GHSA-qc7j-jgf3-qmhg

Published

2025-07-14T20:42:12.818Z

Modified

2026-04-12T17:41:43.573563Z

Severity

7.9 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L CVSS Calculator

Summary

Nix's privilege dropping to build user broke for macOS

Details

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.

Database specific

{
    "cwe_ids": [
        "CWE-271"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53819.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/nixos/nix

Affected ranges

Type: GIT
Repo: https://github.com/nixos/nix
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e2ef2cfcbc83ea01308ee64c38a58707ab23dec3

Affected versions

1.*

1.0

1.1

1.10

1.11

1.11.1

1.2

1.3

1.4

1.5

1.5.1

1.5.2

1.5.3

1.6

1.6.1

1.7

1.8

1.9

2.*

2.0

2.2

Database specific

vanir_signatures_modified

"2026-04-12T17:41:43Z"

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53819.json"

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "176488036611194801057003884013335359869",
                "168816349759201478441357596660351132374",
                "40709139274348560864228941697657986702",
                "172916871977279862353849037828058460182"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/nixos/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3",
        "id": "CVE-2025-53819-5b62e5e6",
        "target": {
            "file": "src/libstore/unix/user-lock.cc"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "length": 321.0,
            "function_hash": "198519095843597891743568744371673451303"
        },
        "signature_version": "v1",
        "source": "https://github.com/nixos/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3",
        "id": "CVE-2025-53819-f8e48483",
        "target": {
            "function": "useBuildUsers",
            "file": "src/libstore/unix/user-lock.cc"
        }
    }
]