Skip to main content

Sd CVE-2025-65807

HIGH
Incorrect Privilege Assignment (CWE-266)
2025-12-10 cve@mitre.org
8.4
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 03:20 vuln.today

DescriptionCVE.org

An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.

AnalysisAI

Local privilege escalation in the sd command-line find-and-replace utility (versions 1.0.0 and earlier, by chmln) allows a local attacker to gain root privileges through a crafted command. The flaw stems from incorrect privilege assignment (CWE-266) and is exploitable locally with no authentication indicated by the CVSS vector (PR:N), yielding full confidentiality, integrity, and availability compromise. Publicly available exploit code exists (proof-of-concept gist), though the EPSS score is low at 0.18% (8th percentile), and the CVE is not listed in CISA KEV.

Vendor StatusVendor

SUSE

Severity: Important

Share

CVE-2025-65807 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy