CVE-2025-0781

Опубликовано: 28 янв. 2025

Источник: nvd

CVSS3: 8.6

CVSS3: 9.9

EPSS Низкий

Описание

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

Ссылки

https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
Patch
https://gitlab.com/flightgear/flightgear/-/issues/3025
Broken Link
https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flightgear:simgear:*:*:*:*:*:*:*:*

Версия до 2020.3.19 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00084

Низкий

8.6 High

CVSS3

9.9 Critical

CVSS3

Дефекты

CWE-863

Связанные уязвимости

CVE-2025-0781

CVSS3: 8.6

ubuntu

около 1 года назад

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

CVE-2025-0781

CVSS3: 8.6

debian

около 1 года назад

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily ...

GHSA-555q-7wq3-w6ch

CVSS3: 8.6

github

около 1 года назад

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

EPSS

Процентиль: 25%

0.00084

Низкий

8.6 High

CVSS3

9.9 Critical

CVSS3

Дефекты

CWE-863