CVE-2025-52991

The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

CVSS v3 3.2 LOW

3.2^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.4 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017
https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
https://labs.snyk.io
https://lix.systems/blog/2025-06-24-lix-cves/
https://security-tracker.debian.org/tracker/CVE-2025-52991
https://security.snyk.io/vuln/?search=CVE-2025-52991

Configurations

No configuration.

History

30 Jun 2025, 18:38

Type	Values Removed	Values Added
Summary		(es) Los gestores de paquetes Nix, Lix y Guix utilizan por defecto directorios de compilación temporales en una ubicación legible y modificable para todos. Esto permite a los usuarios estándar engañar al gestor de paquetes para que utilice directorios con contenido preexistente, lo que podría provocar acciones no autorizadas o manipulación de datos. Esto afecta a Nix anteriores a las versiones 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a las versiones 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a la versión 1.4.0-38.0e79d5b.

27 Jun 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-27 14:15

Updated : 2025-06-30 18:38

NVD link : CVE-2025-52991

Mitre link : CVE-2025-52991

CVE.ORG link : CVE-2025-52991

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2025-52991", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.4}]}, "published": "2025-06-27T14:15:41.253", "references": [{"url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", "source": "cve@mitre.org"}, {"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", "source": "cve@mitre.org"}, {"url": "https://labs.snyk.io", "source": "cve@mitre.org"}, {"url": "https://lix.systems/blog/2025-06-24-lix-cves/", "source": "cve@mitre.org"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-52991", "source": "cve@mitre.org"}, {"url": "https://security.snyk.io/vuln/?search=CVE-2025-52991", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."}, {"lang": "es", "value": "Los gestores de paquetes Nix, Lix y Guix utilizan por defecto directorios de compilaci\u00f3n temporales en una ubicaci\u00f3n legible y modificable para todos. Esto permite a los usuarios est\u00e1ndar enga\u00f1ar al gestor de paquetes para que utilice directorios con contenido preexistente, lo que podr\u00eda provocar acciones no autorizadas o manipulaci\u00f3n de datos. Esto afecta a Nix anteriores a las versiones 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a las versiones 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a la versi\u00f3n 1.4.0-38.0e79d5b."}], "lastModified": "2025-06-30T18:38:48.477", "sourceIdentifier": "cve@mitre.org"}