Skip to main content

Simgear CVE-2025-0781

HIGH
Incorrect Authorization (CWE-863)
2025-01-28 cve@gitlab.com
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:06 vuln.today
Patch released
Mar 28, 2026 - 18:06 nvd
Patch available
CVE Published
Jan 28, 2025 - 17:15 nvd
HIGH 8.6

DescriptionCVE.org

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

AnalysisAI

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Affected products include: Flightgear Simgear, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2025-0781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy