CVE-2025-53881
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-02
Assigner: SUSE
Description
Description
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suse | exim | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a UNIX Symbolic Link (Symlink) Following issue in the logrotate configuration of the exim package. It allows an attacker with mail user/group privileges to escalate their privileges to root by exploiting the way symbolic links are handled during log rotation.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation from a lower-privileged mail user/group to root, potentially allowing an attacker to gain full control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70