CVE-2025-0781

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0781
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358 Patch
https://gitlab.com/flightgear/flightgear/-/issues/3025 Broken Link
https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8 Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:flightgear:simgear:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

06 Aug 2025, 19:25

Type Values Removed Values Added
First Time Debian
Flightgear simgear
Flightgear
Debian debian Linux
References () https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358 - () https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358 - Patch
References () https://gitlab.com/flightgear/flightgear/-/issues/3025 - () https://gitlab.com/flightgear/flightgear/-/issues/3025 - Broken Link
References () https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8 - () https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8 - Patch
References () https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html - () https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html - () https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html - Mailing List, Third Party Advisory
CPE cpe:2.3:a:flightgear:simgear:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

29 Jan 2025, 22:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html -

29 Jan 2025, 19:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html -
Summary
  • (es) Un atacante puede eludir la sandbox de Nasal scripts y escribir arbitrariamente en cualquier ruta de archivo que el usuario tenga permiso para modificar en el nivel operativo sistema.

28 Jan 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-28 17:15

Updated : 2025-08-06 19:25

NVD link : CVE-2025-0781

Mitre link : CVE-2025-0781

CVE.ORG link : CVE-2025-0781

JSON object : View

Products Affected

flightgear

  • simgear

debian

  • debian_linux
CWE
CWE-863

Incorrect Authorization