CVE-2025-7519

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-7519

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7519.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7519

Downstream

UBUNTU-CVE-2025-7519

Published

2025-07-14T14:15:25Z

Modified

2025-07-29T11:23:47.645621Z

Summary

[none]

Details

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

References

Affected packages

Debian:11 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.105-31

0.105-31+deb11u1

0.105-31.1~deb12u1

0.105-31.1

0.105-32

0.105-33

0.109-1

0.110-1

0.110-2

0.110-3

0.112-1

0.112-2

0.112-3

0.112-4

0.112-5

0.113-1

0.113-2

0.113-3

0.113-4

0.113-5

0.113-6

0.114-1

0.115-1

0.115-2

0.115-3

0.116-1

0.116-2

0.116-3

0.117-1

0.118-1

0.118-2

0.119-1

0.120-1

0.120-2

0.120-3

0.120-4

0.120-5

0.120-6

Other

121-1

121-2

122-1

122-2

122-3

122-4

123-1

123-2

123-3

124-1

124-2

124-3

125-1

125-2

126-1

126-2

121+compat0.*

121+compat0.1-1

121+compat0.1-2

121+compat0.1-3

121+compat0.1-4

121+compat0.1-5

121+compat0.1-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

122-3

122-4

123-1

123-2

123-3

124-1

124-2

124-3

125-1

125-2

126-1

126-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

126-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/polkit-org/polkit

Affected ranges

Type: GIT
Repo: https://github.com/polkit-org/polkit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

107d3801361b9f9084f78710178e683391f1d245

Affected versions

0.*

0.100

0.101

0.102

0.103

0.104

0.105

0.106

0.107

0.108

0.109

0.110

0.111

0.112

0.113

0.114

0.115

0.116

0.117

0.118

0.119

0.120

0.91

0.92

0.93

0.94

0.95

0.96

0.97

0.98

0.99

Other

121

122

123

124

125

126

POLICY_KIT_0_3

POLICY_KIT_0_4

POLICY_KIT_0_5

POLICY_KIT_0_6

POLICY_KIT_0_7

POLICY_KIT_0_8

POLICY_KIT_0_9

start