Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Lifecycle Timeline
4DescriptionCVE.org
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.
Analysis
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.
Technical ContextAI
Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized.
RemediationAI
Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).
Same weakness CWE-61 – UNIX Symbolic Link (Symlink) Following
View allSame technique Privilege Escalation
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| trusty | not-affected | SUSE specific |
| xenial | not-affected | SUSE specific |
| bionic | not-affected | SUSE specific |
| focal | not-affected | SUSE specific |
| jammy | not-affected | SUSE specific |
| noble | not-affected | SUSE specific |
| plucky | not-affected | SUSE specific |
| upstream | not-affected | SUSE specific |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 4.94.2-7+deb11u3 | - |
| bullseye (security) | fixed | 4.94.2-7+deb11u4 | - |
| bookworm, bookworm (security) | fixed | 4.96-15+deb12u7 | - |
| trixie | fixed | 4.98.2-1 | - |
| forky, sid | fixed | 4.99.1-1 | - |
| (unstable) | not-affected | - | - |
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-32655