Skip to main content

Rust CVE-2025-5791

| EUVDEUVD-2025-16945 HIGH
Incorrect Privilege Assignment (CWE-266)
2025-06-06 secalert@redhat.com GHSA-m65q-v92h-cm7q
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
7.1 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Apr 06, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-16945
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
CVE Published
Jun 06, 2025 - 14:15 nvd
HIGH 7.1

DescriptionCVE.org

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

AnalysisAI

Privilege escalation vulnerability in the Rust 'users' crate that incorrectly includes the root group in access control lists when a user or process has fewer than 1024 groups. An authenticated local attacker with low privileges can exploit this flaw to gain unauthorized access to resources restricted to the root group, achieving privilege escalation. The vulnerability requires local access and existing user privileges but has high impact on confidentiality and integrity.

Technical ContextAI

The vulnerability exists in the Rust 'users' crate, a library used for Unix/Linux user and group enumeration. The flaw stems from CWE-266 (Incorrect Privilege Assignment), specifically in the group listing logic. The vulnerability manifests when the crate's functions enumerate user groups and encounter a boundary condition: systems using getgroups() or similar APIs may incorrectly process group membership when the actual group count is below 1024 groups. This causes erroneous inclusion of group ID 0 (root) in the returned group list, even when the user is not actually a member of that group. The underlying issue likely involves buffer allocation logic, group enumeration loop termination, or group ID filtering that fails to properly validate group membership before inclusion in the access list.

RemediationAI

Remediation steps: (1) Identify all Rust projects and binaries with the 'users' crate as a dependency using 'cargo tree' or dependency auditing tools; (2) Update the 'users' crate to the patched version (release version number not provided in submission—consult the official Rust users crate repository on crates.io and GitHub for the fix); (3) Rebuild and redeploy affected Rust binaries; (4) For interim mitigation, restrict local user access on systems where feasible, implement AppArmor/SELinux policies to prevent unprivileged users from executing Rust binaries relying on users crate, or isolate service accounts to single-group membership; (5) Monitor audit logs (ausearch, journalctl) for unexpected privilege escalations or root group access by non-root users.

More in Rust

View all
CVE-2024-3566 CRITICAL POC
9.8 Apr 10

Command injection via Windows CreateProcess argument parsing affects multiple language runtimes and tooling (Node.js, PH

CVE-2021-31162 CRITICAL POC
9.8 Apr 14

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the ele

CVE-2021-28879 CRITICAL POC
9.8 Apr 11

In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer ove

CVE-2021-29922 CRITICAL POC
9.1 Aug 07

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginni

CVE-2019-12083 HIGH POC
8.1 May 13

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, c

CVE-2021-28878 HIGH POC
7.5 Apr 11

In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once fo

CVE-2021-28875 HIGH POC
7.5 Apr 11

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe c

CVE-2019-16760 HIGH POC
7.5 Sep 30

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration

CVE-2024-24576 CRITICAL
10.0 Apr 09

Rust is a programming language. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no auth

CVE-2018-1000810 CRITICAL
9.8 Oct 08

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contai

CVE-2021-28876 MEDIUM POC
5.3 Apr 11

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. Rated medium severity (C

CVE-2019-1010299 MEDIUM POC
5.3 Jul 15

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. Rated med

Vendor StatusVendor

Ubuntu

Priority: Medium
rust-users
Release Status Version
focal needs-triage -
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
questing DNE -
plucky ignored end of life, was needs-triage

SUSE

Severity: High
Product Status
Image SLES15-SP3-Micro-5-2-BYOS-Azure Affected
Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Affected
Image SLES15-SP4-Micro-5-3 Image SLES15-SP4-Micro-5-3-BYOS-EC2 Image SLES15-SP4-Micro-5-3-BYOS-GCE Image SLES15-SP4-Micro-5-3-EC2 Image SLES15-SP4-Micro-5-4 Image SLES15-SP4-Micro-5-4-BYOS-EC2 Image SLES15-SP4-Micro-5-4-BYOS-GCE Image SLES15-SP4-Micro-5-4-EC2 Image SLES15-SP4-Micro-5-4-GCE Affected
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed

Share

CVE-2025-5791 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy