CVE-2025-64507
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-12-29
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxcontainers | incus | before 6.0.6 (6.0 LTS branch; fixed in 6.0.6) |
| linuxcontainers | incus | from 6.1.0 (inclusive) to 6.19.0 (exclusive; fixed in 6.19.0) |
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | Insufficient information (NVD placeholder used when no specific CWE has been assigned). |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Incus 6.0.x before 6.0.6 and 6.1.0 through 6.18.x; it is fixed in 6.0.6 and 6.19.0. Three conditions have to line up: the attacker is root inside a container, that container has a custom storage volume attached with the 'security.shifted' property set to 'true', and the same attacker also holds an unprivileged account on the host that can reach the volume's files. A shifted volume keeps file ownership unshifted on disk, so a binary that container root creates and marks setuid is, from the host's point of view, a setuid binary owned by root. Executing it from the unprivileged host account therefore runs with root privileges on the host, turning container root plus an ordinary host login into full host compromise.
How can this vulnerability impact me?
The outcome is local privilege escalation on the host: a user who is root only inside a container, and otherwise unprivileged on the host, ends up with root on the host. At that point the container boundary no longer means anything; the attacker can read or alter any data on the host, tamper with every other container and virtual machine it runs, and persist with root privileges. Hosts where container root is handed to untrusted tenants who also have host shell access are the ones at risk; hosts where nobody but administrators can log in are not reachable by this path.
What immediate steps should I take to mitigate this vulnerability?
Upgrade to Incus 6.0.6 or 6.19.0; that is the actual fix. Until the upgrade is deployed, reduce the attack surface on the two preconditions the bug depends on. First, find custom volumes with 'security.shifted' set to 'true' ('incus storage volume get <pool> <volume> security.shifted' prints the current value) and, for any that are attached to containers whose root user is not fully trusted, either detach the volume or set 'security.shifted=false' so the volume is no longer shared with unshifted ownership. Second, avoid granting unprivileged host accounts to the same people who hold root inside those containers, since both are needed. As a check, scan the host-side directory backing each shifted volume for files with the setuid or setgid bit and treat any root-owned hit as an indicator of attempted abuse.
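The following is an added example, not code from the advisory or from the Incus project. It packages the interim checks described above as POSIX shell functions: a scan for setuid/setgid files under a volume's backing directory, a containment step that strips those bits, and a per-volume audit that asks the incus CLI whether 'security.shifted' is set. Assumptions, labelled in the code: the 'incus' CLI is on PATH only for 'audit_volume'; the backing path default follows the dir storage driver's layout of '/var/lib/incus/storage-pools/<pool>/custom/<project>_<volume>' (other drivers mount volumes elsewhere, so pass the path explicitly); and 'make_fixture' builds a constructed directory tree standing in for a shifted volume so the scan can be exercised without Incus.

```shell
#!/bin/sh
# Added example (not the advisory's or Incus's code): interim audit helpers for a
# host that cannot yet move to Incus 6.0.6 / 6.19.0.

# find_setuid DIR: regular files under DIR carrying the setuid or setgid bit.
# On a security.shifted volume reachable by an unprivileged host user, these are
# the files that user could execute to run as the file's owner (root, if the
# file was planted by root inside the container).
find_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# count_setuid DIR: number of such files; 0 is the expected state.
count_setuid() {
    find_setuid "$1" | wc -l | tr -d ' '
}

# strip_setuid DIR: clear the setuid/setgid bits on every file found above.
# Containment only; the fix is the Incus upgrade.
strip_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} + 2>/dev/null
}

# audit_volume POOL VOLUME [PATH]: report whether the custom volume is shifted
# and, if so, list setuid/setgid files in its backing directory.
# Needs a running Incus and the incus CLI (assumption). PATH defaults to the
# dir-driver layout with the 'default' project (assumption).
audit_volume() {
    pool=$1
    vol=$2
    path=${3:-/var/lib/incus/storage-pools/$pool/custom/default_$vol}
    shifted=$(incus storage volume get "$pool" "$vol" security.shifted 2>/dev/null)
    if [ "$shifted" = "true" ]; then
        echo "$pool/$vol: security.shifted=true, $(count_setuid "$path") setuid/setgid file(s) under $path"
        find_setuid "$path"
    else
        echo "$pool/$vol: security.shifted not set; not exposed to this issue"
    fi
}

# make_fixture DIR: constructed stand-in for a shifted volume's backing
# directory, so the checks can run on a host without Incus.
make_fixture() {
    dir=$1
    mkdir -p "$dir/usr/bin" "$dir/home/user"
    printf '#!/bin/sh\nexit 0\n' > "$dir/usr/bin/harmless"
    chmod 0755 "$dir/usr/bin/harmless"               # ordinary executable: ignored
    printf '#!/bin/sh\nexit 0\n' > "$dir/home/user/planted"
    chmod 4755 "$dir/home/user/planted"              # setuid: flagged
    printf '#!/bin/sh\nexit 0\n' > "$dir/home/user/sgid_helper"
    chmod 2755 "$dir/home/user/sgid_helper"          # setgid: flagged
    echo notes > "$dir/home/user/notes.txt"          # plain file: ignored
}

# When invoked as "sh audit.sh POOL VOLUME [PATH]" run the live audit;
# with no arguments the file only defines the functions.
if [ $# -ge 2 ]; then
    audit_volume "$@"
fi
```

Run the scan on the real backing path of every shifted volume rather than on a mount inside a container: the setuid bit that matters is the one the host kernel sees, and a hit owned by uid 0 that no package on the host accounts for is the signal to investigate, not just to strip.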