CVE-2025-7519
- Source
- https://cve.org/CVERecord?id=CVE-2025-7519
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7519.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-7519
- Downstream
- Related
- Published
- 2025-07-14T14:15:25.593Z
- Modified
- 2026-04-10T05:37:03.083652Z
- Severity
-
- 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
- References
Affected packages
Git / github.com/polkit-org/polkit
Affected ranges
- Type
- GIT
- Repo
- https://github.com/polkit-org/polkit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.100
0.101
0.102
0.103
0.104
0.105
0.106
0.107
0.108
0.109
0.110
0.111
0.112
0.113
0.114
0.115
0.116
0.117
0.118
0.119
0.120
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99
Other
121
122
123
124
125
126
POLICY_KIT_0_3
POLICY_KIT_0_4
POLICY_KIT_0_5
POLICY_KIT_0_6
POLICY_KIT_0_7
POLICY_KIT_0_8
POLICY_KIT_0_9
start
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7519.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
}
]