Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Lifecycle Timeline
4DescriptionCVE.org
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders
AnalysisAI
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Vendor StatusVendor
Ubuntu
Priority: Negligible| Release | Status | Version |
|---|---|---|
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| bionic | not-affected | - |
| focal | not-affected | - |
| jammy | not-affected | - |
| upstream | not-affected | - |
| xenial | not-affected | - |
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19756
GHSA-hqp6-mjw3-f586