CVE-2025-64507

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-64507
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64507.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64507
Aliases
Downstream
Published
2025-11-10T21:56:26.578Z
Modified
2026-03-14T22:01:30.911571Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Incus vulnerable to local privilege escalation through custom storage volumes
Details

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be systems using incus-user with the less privileged incus group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.

Database specific 
{
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64507.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/lxc/incus

Affected ranges

Type
GIT
Repo
https://github.com/lxc/incus
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5231e7a1beca905d57208b441040f9ebdc6a2c6f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/lxc/incus
Events
Introduced
38d0bc57d4ae8926b0adfad475f2d4ca70a1c734
Fixed
b19f4195c0f5cbe82444b119a8c4ff5c8f6443ec
Database specific 
{
    "versions": [
        {
            "introduced": "6.1.0"
        },
        {
            "fixed": "6.19.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.10.0
v6.10.1
v6.11.0
v6.12.0
v6.13.0
v6.14.0
v6.15.0
v6.16.0
v6.17.0
v6.18.0
v6.2.0
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64507.json"