Skip to main content

Ubuntu EUVDEUVD-2025-32655

| CVE-2025-53881 MEDIUM
UNIX Symbolic Link (Symlink) Following (CWE-61)
2025-10-02 meissner@suse.de
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 19:12 euvd
EUVD-2025-32655
Analysis Generated
Mar 13, 2026 - 19:12 vuln.today
CVE Published
Oct 02, 2025 - 14:15 nvd
MEDIUM 6.9

DescriptionCVE.org

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

Analysis

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized.

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

Vendor StatusVendor

Ubuntu

Priority: Medium
exim4
Release Status Version
trusty not-affected SUSE specific
xenial not-affected SUSE specific
bionic not-affected SUSE specific
focal not-affected SUSE specific
jammy not-affected SUSE specific
noble not-affected SUSE specific
plucky not-affected SUSE specific
upstream not-affected SUSE specific

Debian

exim4
Release Status Fixed Version Urgency
bullseye fixed 4.94.2-7+deb11u3 -
bullseye (security) fixed 4.94.2-7+deb11u4 -
bookworm, bookworm (security) fixed 4.96-15+deb12u7 -
trixie fixed 4.98.2-1 -
forky, sid fixed 4.99.1-1 -
(unstable) not-affected - -

SUSE

Severity: Medium
Product Status
SUSE Package Hub 15 SP6 Fixed
openSUSE Leap 15.6 Fixed
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP6 Fixed

Share

EUVD-2025-32655 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy