CVE-2025-7519

Published: July 12, 2025Last modified: July 18, 2025

Description

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

Severity score breakdown

Parameter	Value
Base score	6.7
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	HIGH
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	polkit	Unknown (122-r1)
Alpaquita Linux	Stream	polkit	Unknown (122-r5)

References

https://access.redhat.com/security/cve/CVE-2025-7519
https://bugzilla.redhat.com/show_bug.cgi?id=2379675
https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245
https://github.com/polkit-org/polkit/pull/570