EUVD-2025-32655

CVE-2025-53881
Severity: MEDIUM 6.9 (CVSS 4.0)
2025-10-02 [email protected]

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), Patch available
Analysis Generated: Mar 13, 2026 - 19:12 (vuln.today)
EUVD ID Assigned: Mar 13, 2026 - 19:12 (euvd), EUVD-2025-32655
CVE Published: Oct 02, 2025 - 14:15 (nvd), MEDIUM 6.9

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the logrotate config in the exim package allowed privilege escalation from the mail user/group to root. This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.


Technical Context

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized.

Remediation

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

Priority Score

Score: 35
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0

Vendor Status

Ubuntu

Priority: Medium
exim4

| Release | Status | Version |
|---|---|---|
| trusty | not-affected | SUSE specific |
| xenial | not-affected | SUSE specific |
| bionic | not-affected | SUSE specific |
| focal | not-affected | SUSE specific |
| jammy | not-affected | SUSE specific |
| noble | not-affected | SUSE specific |
| plucky | not-affected | SUSE specific |
| upstream | not-affected | SUSE specific |

Debian

exim4

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 4.94.2-7+deb11u3 | - |
| bullseye (security) | fixed | 4.94.2-7+deb11u4 | - |
| bookworm, bookworm (security) | fixed | 4.96-15+deb12u7 | - |
| trixie | fixed | 4.98.2-1 | - |
| forky, sid | fixed | 4.99.1-1 | - |
| (unstable) | not-affected | - | - |
