CVE-2025-59378

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-59378

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59378.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-59378

Downstream

DEBIAN-CVE-2025-59378

UBUNTU-CVE-2025-59378

Published

2025-09-15T06:15:37Z

Modified

2026-04-10T05:32:01.150502Z

Summary

[none]

Details

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

References

https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2/
https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45

CVE-2025-59378

Affected packages