CVE-2025-5791

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-5791

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5791.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5791

Aliases

Downstream

SUSE-RU-2025:20961-1

SUSE-RU-2025:21046-1

SUSE-SU-2025:02166-1

SUSE-SU-2025:3783-1

SUSE-SU-2025:3784-1

SUSE-SU-2025:3785-1

SUSE-SU-2025:3786-1

UBUNTU-CVE-2025-5791

openSUSE-SU-2025:15217-1

openSUSE-SU-2025:15246-1

openSUSE-SU-2025:15335-1

openSUSE-SU-2025:15412-1

openSUSE-SU-2025:15628-1

Related

Published

2025-06-06T14:15:23.137Z

Modified

2026-03-23T05:13:11.108847Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5791.json"