Skip to main content

Ubuntu CVE-2025-46415

| EUVDEUVD-2025-19426 LOW
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2025-06-27 cve@mitre.org
3.2
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.2 LOW
AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
Ubuntu
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 00:16 euvd
EUVD-2025-19426
Analysis Generated
Mar 16, 2026 - 00:16 vuln.today
CVE Published
Jun 27, 2025 - 14:15 nvd
LOW 3.2

DescriptionCVE.org

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

Analysis

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

Technical ContextAI

A race condition occurs when the behavior of software depends on the timing of events, such as the order of execution of threads or processes.

RemediationAI

Use proper synchronization mechanisms (locks, mutexes, atomic operations). Implement file locking for filesystem operations. Avoid TOCTOU patterns.

Vendor StatusVendor

Ubuntu

Priority: Medium
guix
Release Status Version
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
questing DNE -

Debian

Bug #1108318
guix
Release Status Fixed Version Urgency
bullseye fixed (unfixed) end-of-life
bullseye (security) vulnerable 1.2.0-4+deb11u3 -
sid vulnerable 1.4.0-9 -
(unstable) fixed (unfixed) -

Share

CVE-2025-46415 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy