CVE-2025-7519

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-7519
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7519.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7519
Downstream
Published
2025-07-14T14:15:25Z
Modified
2025-08-26T19:24:07.814860Z
Summary
[none]
Details

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

References

Affected packages

Debian:11 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.105-31
0.105-31+deb11u1
0.105-31.1~deb12u1
0.105-31.1
0.105-32
0.105-33
0.109-1
0.110-1
0.110-2
0.110-3
0.112-1
0.112-2
0.112-3
0.112-4
0.112-5
0.113-1
0.113-2
0.113-3
0.113-4
0.113-5
0.113-6
0.114-1
0.115-1
0.115-2
0.115-3
0.116-1
0.116-2
0.116-3
0.117-1
0.118-1
0.118-2
0.119-1
0.120-1
0.120-2
0.120-3
0.120-4
0.120-5
0.120-6

Other

121-1
121-2
122-1
122-2
122-3
122-4
123-1
123-2
123-3
124-1
124-2
124-3
125-1
125-2
126-1
126-2

121+compat0.*

121+compat0.1-1
121+compat0.1-2
121+compat0.1-3
121+compat0.1-4
121+compat0.1-5
121+compat0.1-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

122-3
122-4
123-1
123-2
123-3
124-1
124-2
124-3
125-1
125-2
126-1
126-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

126-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

126-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/polkit-org/polkit

Affected ranges

Type
GIT
Repo
https://github.com/polkit-org/polkit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.100
0.101
0.102
0.103
0.104
0.105
0.106
0.107
0.108
0.109
0.110
0.111
0.112
0.113
0.114
0.115
0.116
0.117
0.118
0.119
0.120
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99

Other

121
122
123
124
125
126
POLICY_KIT_0_3
POLICY_KIT_0_4
POLICY_KIT_0_5
POLICY_KIT_0_6
POLICY_KIT_0_7
POLICY_KIT_0_8
POLICY_KIT_0_9
start