CVE-2025-7519
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-08-11
Assigner: Red Hat, Inc.
Description
A flaw was found in polkit. When it processes an XML policy file with 32 or more nested elements, an out-of-bounds write can be triggered (CWE-787). This can crash the polkit service or cause other unexpected behaviour, and in some cases may lead to arbitrary code execution. Exploitation requires a high-privilege account, since the malicious policy file has to be placed on the system first.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | openshift_container_platform | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
polkit reads its authorization rules from XML policy files. When it parses a policy file containing 32 or more nested elements, it writes past the end of a fixed-size buffer (an out-of-bounds write, CWE-787). The result can be a crash of the polkit service or other unexpected behaviour, and in some cases arbitrary code execution. Exploiting the flaw requires a high-privilege account, because the attacker must first place the malicious policy file on the system. [1]
How can this vulnerability impact me?
If exploited, the flaw can crash the polkit service or make it behave unpredictably; since polkit is the system's authorization service, applications that depend on it for authorization decisions are affected until it is restarted. There is also a risk of arbitrary code execution in the context of the polkit service. Because placing a policy file already requires high privileges, the flaw is less an initial-access vector than a way for a malformed or malicious policy file that arrives through a package, installer or configuration-management path already running with those privileges to compromise the service. [1]
What immediate steps should I take to mitigate this vulnerability?
Treat polkit policy files as privileged configuration: they live under /usr/share/polkit-1/actions and should be owned by root and not writable by other users, so review the permissions there and audit any policy file that was not installed by a package. Apply the polkit update from your distribution as soon as it is available; until then, check newly added or modified policy files for unusual nesting depth before deploying them. [1]
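The first answer above describes the bug class but not its mechanics. The following is an added example, not polkit's code and not from this advisory: a small depth-limited XML element parser with a fixed 32-slot element stack, showing the off-by-one depth check that lets the 32nd nested start tag store past the end of the array beside the corrected check. All names (MAX_DEPTH, guard_off_by_one, guard_correct, parse_policy, build_nested, parse_nested, sample_policy_depth) and the sample policy are this example's own assumptions, and instead of performing a real out-of-bounds store the parser reports PARSE_OOB_WRITE at the point where an uninstrumented parser would corrupt memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not polkit's code: a depth-limited element parser with a
 * fixed-size element stack, the pattern behind the CWE-787 bug class this
 * advisory describes. MAX_DEPTH, the guard_* functions, parse_policy and
 * build_nested are names invented for this example. */

#define MAX_DEPTH 32   /* element stack size; slot 0 stands for the document root */

enum {
    PARSE_OK        =  0,
    PARSE_TOO_DEEP  = -1,  /* input rejected cleanly by the depth guard */
    PARSE_MALFORMED = -2,  /* stray end tag, unterminated tag, or unclosed element */
    PARSE_OOB_WRITE = -3   /* the guard let a store reach stack[MAX_DEPTH] */
};

/* Buggy guard: checks the depth *before* the push against the array size, so a
 * 32nd nested start tag passes the check and is then stored at index 32. */
static int guard_off_by_one(int depth) { return depth < MAX_DEPTH; }

/* Fixed guard: the slot about to be written is depth + 1; require it in bounds. */
static int guard_correct(int depth) { return depth + 1 < MAX_DEPTH; }

/* Scans "<tag ...>", "</tag>" and "<tag/>" markup and tracks nesting on a fixed
 * stack. Declarations and comments (without a '>' inside) are skipped. Rather
 * than performing a real out-of-bounds store, it returns PARSE_OOB_WRITE at the
 * point where an uninstrumented parser would corrupt memory. */
int parse_policy(const char *xml, int (*guard)(int), int *max_depth_seen)
{
    unsigned char stack[MAX_DEPTH];   /* one byte of per-element state */
    int depth = 0;
    const char *p = xml;

    if (max_depth_seen)
        *max_depth_seen = 0;
    stack[0] = 0;
    while ((p = strchr(p, '<')) != NULL) {
        const char *close = strchr(p, '>');
        if (close == NULL)
            return PARSE_MALFORMED;
        if (p[1] == '?' || p[1] == '!') {          /* <?xml ...?> or <!-- ... --> */
            p = close + 1;
            continue;
        }
        if (p[1] == '/') {                          /* end tag */
            if (depth == 0)
                return PARSE_MALFORMED;
            depth--;
        } else if (close[-1] != '/') {              /* start tag; <x/> adds no depth */
            if (!guard(depth))
                return PARSE_TOO_DEEP;
            depth++;
            if (depth >= MAX_DEPTH)                 /* instrumentation, see above */
                return PARSE_OOB_WRITE;
            stack[depth] = (unsigned char)p[1];     /* the store the guard must protect */
            if (max_depth_seen && depth > *max_depth_seen)
                *max_depth_seen = depth;
        }
        p = close + 1;
    }
    (void)stack;
    return depth == 0 ? PARSE_OK : PARSE_MALFORMED;
}

/* Builds n nested <a> elements, e.g. n = 2 -> "<a><a></a></a>". */
int build_nested(int n, char *buf, size_t cap)
{
    char *w = buf;
    if (n < 0 || (size_t)n * 7 + 1 > cap)
        return -1;
    for (int i = 0; i < n; i++) { memcpy(w, "<a>", 3);  w += 3; }
    for (int i = 0; i < n; i++) { memcpy(w, "</a>", 4); w += 4; }
    *w = '\0';
    return 0;
}

/* Convenience: parse n nested elements with the given guard. */
int parse_nested(int n, int (*guard)(int))
{
    char buf[1024];
    if (build_nested(n, buf, sizeof buf) != 0)
        return PARSE_MALFORMED;
    return parse_policy(buf, guard, NULL);
}

/* Constructed sample in the shape of a polkit action policy; returns its
 * nesting depth, or the negative PARSE_* code on failure. */
int sample_policy_depth(void)
{
    static const char sample[] =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        "<policyconfig>\n"
        "  <action id=\"org.example.demo\">\n"
        "    <defaults><allow_active>auth_admin</allow_active></defaults>\n"
        "  </action>\n"
        "</policyconfig>\n";
    int depth = 0;
    int rc = parse_policy(sample, guard_correct, &depth);
    return rc == PARSE_OK ? depth : rc;
}

int main(void)
{
    printf("sample policy nesting depth: %d\n", sample_policy_depth());
    for (int n = 31; n <= 33; n++)
        printf("%d nested elements: off-by-one guard -> %d, fixed guard -> %d\n",
               n, parse_nested(n, guard_off_by_one), parse_nested(n, guard_correct));
    return 0;
}
```

With 31 nested elements both guards accept the input; at 32 the off-by-one guard lets the parser reach the out-of-bounds store (reported here as PARSE_OOB_WRITE) while the fixed guard rejects the file with PARSE_TOO_DEEP before any write happens. The general lesson is that a bound on a fixed-size stack must be checked against the index about to be written, not the index last written, and that a clean rejection of over-deep input is the right behaviour for a parser that runs inside a system service.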