CVE-2025-46415

{"id": "CVE-2025-46415", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.4}]}, "published": "2025-06-27T14:15:37.870", "references": [{"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", "source": "cve@mitre.org"}, {"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", "source": "cve@mitre.org"}, {"url": "https://labs.snyk.io", "source": "cve@mitre.org"}, {"url": "https://lix.systems/blog/2025-06-24-lix-cves/", "source": "cve@mitre.org"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-46415", "source": "cve@mitre.org"}, {"url": "https://security.snyk.io/vuln/?search=CVE-2025-46415", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."}, {"lang": "es", "value": "Una condici\u00f3n de ejecuci\u00f3n en los gestores de paquetes Nix, Lix y Guix permite la eliminaci\u00f3n de contenido de carpetas arbitrarias. Esto afecta a Nix anteriores a 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a 1.4.0-38.0e79d5b."}], "lastModified": "2025-06-30T18:38:48.477", "sourceIdentifier": "cve@mitre.org"}