CVE-2025-46415
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-06-30
Assigner: MITRE
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition (a time-of-check to time-of-use flaw, CWE-367) in the Nix, Lix, and Guix package managers that allows the removal of content from arbitrary folders. It affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. In Guix, it is related to privilege escalation issues, meaning an attacker could exploit this flaw to gain higher privileges than intended. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to remove content from arbitrary folders due to the race condition, potentially leading to denial of service or unauthorized modification of files. In the case of Guix, it can lead to privilege escalation, where an attacker gains elevated permissions, which could compromise system integrity and security. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring for updates and applying patches once they become available, as no fixed version is currently available in the unstable source package. You should track the Guix Codeberg repository for commits and pull requests addressing this issue and consider restricting or auditing the use of affected package manager versions until a fix is released. [1]
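For auditing installed versions against the fixed releases listed above, a branch-aware check can be scripted. This is an added example, not code from BaseFortify or from the Nix, Lix or Guix projects. The names `is_affected` and `audit`, the sample inventory, the treatment of release branches that have no listed fix, and the reading of the Guix string as release-revision.commit are assumptions.

```python
import re

# Fixed releases as listed on this page, one per release branch.
FIXED = {
    "nix": [(2, 24, 15), (2, 26, 4), (2, 28, 4), (2, 29, 1)],
    "lix": [(2, 91, 2), (2, 92, 2), (2, 93, 1)],
}
# Assumption: "1.4.0-38.0e79d5b" means release 1.4.0, package revision 38.
GUIX_FIXED = ((1, 4, 0), 38)


def _triple(text):
    """Parse the leading MAJOR.MINOR.PATCH of a version string."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(product, version):
    """Return True if the version predates the fix for its release branch."""
    product = product.lower()
    if product == "guix":
        m = re.fullmatch(r"(\d+\.\d+\.\d+)(?:-(\d+)\.[0-9a-f]+)?", version)
        if not m:
            raise ValueError(f"unparseable Guix version: {version!r}")
        return (_triple(m.group(1)), int(m.group(2) or 0)) < GUIX_FIXED
    fixes = FIXED[product]
    v = _triple(version)
    for fix in fixes:
        if v[:2] == fix[:2]:
            return v < fix  # same branch: compare the patch level
    # Assumption: a branch with no listed fix is affected unless it is
    # newer than the newest fixed branch.
    return v[:2] < fixes[-1][:2]


def audit(inventory):
    """Return the hosts whose package manager version is affected."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


# Constructed inventory for illustration: (host, product, version).
SAMPLE = [
    ("build-01", "nix", "2.28.3"),
    ("build-02", "nix", "2.28.4"),
    ("ci-01", "lix", "2.92.1"),
    ("dev-01", "guix", "1.4.0-38.0e79d5b"),
    ("dev-02", "guix", "1.4.0"),
]
```
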