Untriaged
CVE-2025-53882
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
python-mailman's logrotate configuration allows potential escalation from mailman to root
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE's mailman3 package allows potential escalation from mailman to root. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53882
Affected products
mailman3
- <3.3.10-2.1
Matching in nixpkgs
pkgs.prometheus-mailman3-exporter
Mailman3 Exporter for Prometheus
- nixos-unstable -
- nixpkgs-unstable 0.9.1
Package maintainers
- @MarcelCoding Marcel <me@m4rc3l.de>