CVE-2025-0781

Опубликовано: 28 янв. 2025

Источник: debian

EPSS Низкий

Описание

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
flightgear	fixed	1:2020.3.19+dfsg-1		package
flightgear	fixed	1:2020.3.16+dfsg-1+deb12u1	bookworm	package
simgear	fixed	1:2020.3.19+dfsg-1		package
simgear	fixed	1:2020.3.16+dfsg-1+deb12u1	bookworm	package

Примечания

Fixed by: https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
Fixed by: https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8
Backported patch for 2020.3.6: https://gitlab.com/frougon/flightgear-flightgear/-/commit/cf99dc921aadab502ff90a1dd943d8bbb897de91
Backported patch for 2020.3.6: https://gitlab.com/frougon/flightgear-simgear/-/commit/f2e8c8ce3925e62275d97d46c73c32cbc864d80b

EPSS

Процентиль: 25%

0.00084

Низкий

Связанные уязвимости

CVE-2025-0781

CVSS3: 8.6

ubuntu

около 1 года назад

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

CVE-2025-0781

CVSS3: 8.6

nvd

около 1 года назад

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

GHSA-555q-7wq3-w6ch

CVSS3: 8.6

github

около 1 года назад

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

EPSS

Процентиль: 25%

0.00084

Низкий