CVE-2025-52936
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-11-03
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper link resolution before file access issue in the sslh project before version 2.2.2. Specifically, it concerns how symbolic links (symlinks) are handled when the PID file is created or managed in the function write_pid_file(). The code was cloned from another project (unbound) but did not include the security patch that fixed similar symlink handling issues there. This could allow an attacker to use symlinks to interfere with the PID file handling. The vulnerability was fixed by applying the same patch from unbound to sslh, preventing symlink interference. [1]
How can this vulnerability impact me?
The vulnerability could potentially allow an attacker to interfere with the PID file used by sslh, which might lead to security issues such as unauthorized manipulation of the process management. However, the risk of privilege escalation is mitigated because sslh either runs as root (where escalation is not possible) or as a local user who owns the PID file. Therefore, while the vulnerability allows symlink interference, the impact on privilege escalation is limited. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper handling of symbolic links in the PID file management of sslh before version 2.2.2. To detect if your system is vulnerable, check the sslh version installed. You can run the command `sslh --version` or `sslh -v` to determine the version. Additionally, inspect the PID file location for symbolic links using `ls -l /path/to/sslh.pid` to see if the PID file is a symlink, which could indicate exposure to this issue. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade sslh to version 2.2.3 or later, where the security fix preventing symlink interference in PID file handling has been applied. If upgrading immediately is not possible, ensure that the PID file is not a symbolic link and restrict permissions on the PID file and its directory to trusted users only to reduce risk. [1]
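The symlink handling discussed for write_pid_file() can be illustrated with a PID file writer that refuses to follow a link at the PID path. This is an added example, not the sslh or unbound code and not the actual patch; the function names and the `/tmp` scenario are constructed, and it assumes Linux, where `open()` with `O_NOFOLLOW` fails with `ELOOP` on a symlink.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical hardened writer: returns 0 on success, -1 with errno set. */
int write_pid_file_nofollow(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    /* O_NOFOLLOW makes open() fail (ELOOP on Linux) when the last path
     * component is a symlink, instead of truncating the link's target. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, buf, (size_t)len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}

/* Constructed scenario: a symlink sits at the PID path and points at a file
 * that must stay intact. Returns 1 if the write is refused and it does. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/pidlink-XXXXXX", target[64], pidpath[64], got[16] = "";
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(pidpath, sizeof pidpath, "%s/sslh.pid", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0 || symlink(target, pidpath) != 0)
        return 0;
    int refused = write_pid_file_nofollow(pidpath, getpid()) == -1 && errno == ELOOP;
    if ((f = fopen(target, "r")) != NULL) {
        if (!fgets(got, sizeof got, f)) got[0] = '\0';
        fclose(f);
    }
    unlink(pidpath); unlink(target); rmdir(dir);
    return refused && strcmp(got, "keep") == 0;
}

int main(void)
{
    return symlink_is_refused() ? 0 : 1;
}
```

`O_NOFOLLOW` only covers the final path component, so the directory holding the PID file still needs the restricted permissions described above.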