Nixpkgs Security Tracker

Permalink CVE-2025-23386

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

gerbera: Privilege escalation from user gerbera to root because of insecure %post script

A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23386

Affected products

gerbera

<2.5.0-1.1

Matching in nixpkgs

pkgs.gerbera

UPnP Media Server for 2024

nixos-unstable -
- nixpkgs-unstable 2.5.0

Package maintainers

@ardumont Antoine R. Dumont <eniotna.t@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.gerbera

Package maintainers